Stats
Basic distroless repo stats
4
9,386
8.1
2 days ago
GoogleContainerTools/distroless is an open source project licensed under Apache License 2.0 which is an OSI approved license.
Distroless Alternatives
Similar projects and alternatives to distroless
-
-
-
Scout APM
Scout APM - Leading-edge performance monitoring starting at $39/month. Scout APM uses tracing logic that ties bottlenecks to source code so you know the exact line of code causing performance issues and can get back to building a great product faster.
-
-
-
-
-
-
-
-
-
https-everywhere
A browser extension that encrypts your communications with many websites that offer HTTPS but still allow unencrypted connections.
-
-
-
-
-
-
-
-
NOTE:
The number of mentions on this list indicates mentions on common posts.
Hence, a higher number means a better distroless alternative or higher similarity.
Posts
Posts where distroless has been mentioned. We have used some of these posts to build our list of alternatives and similar projects - the last one was on 2021-04-04.
-
Ask HN: Do I need to containerize my Go service?
Personally I don't use Docker containers for Go applications, but there is nothing wrong with putting everything in Docker for consistency. Most projects I know use Docker, even when its not needed, just for the consistency.
One minimal Docker option with Go is to use a "distroless" Docker image: https://github.com/GoogleContainerTools/distroless/blob/main...
-
Show HN: I wrote an HN bot to suggest HTTPS url when people post HTTP URLs
My code only use the 10KiB blobs for comparison, so as long as I don't have any buffer overflow bug the actual content doesn't matter. Even if I had a buffer overflow bug, I'm running the code through Docker with distroless based image [0], so that helps a little as well. I guess I can also change docker's runtime from runc to runsc [1] to help mitigate further, but I don't really see that as necessary as it's quite hard to have buffer overflow bugs in go code.
- A categorized list of all Java and JVM features since JDK 8 to 16
-
The worst so-called “best practice” for Docker
Have ended up using the google distroless base images (https://github.com/GoogleContainerTools/distroless) for Go and Java code to keep the potential attack surface as small as possible - with the added bonus that the produced containers are pretty small.
-
Docker & Dockerfile Security Cheat Sheet
Bonus1: Do not forget to use distroless/static:nonroot images, if possible.
-
Announcing Spring Native Beta
here's the full list of libraries required by java, on top of the onces from base.
Thanks for sharing this. Wondering why are using java-debian10:base instead of https://github.com/GoogleContainerTools/distroless/tree/master/base since it packages the runtime?
We do. As of this pr, you can use distroless with your own jlink + spring boot.
-
What are your Dockerfile best practices? And which ones are harder to implement?
This: https://github.com/GoogleContainerTools/distroless
-
Building Docker Images the Proper Way
It's generally hard to find/avoid vulnerabilities in Docker images but it can made a little easier if the image includes only the bare minimum needed to run the application. One such image - or rather set of images - is Distroless made by Google. Distroless images are trimmed down to the point that they don't even have shells or package managers, which makes them much better security-wise than Debian or Alpine-based images. If you're using multi-step Docker build, then most of the time, switching to Distroless runner image is as simple as this:
-
Containerizing Apps with jlink - A JDK utility greatly facilitates containerizing your applications
You phrase this question like it's either or, when you can use both at the same time. You'd build the jlink image either elsewhere or as part of your build step, then would use that image as your base image, or copy the files in as additional files in maven or gradle. Still a bit involved tho, perhaps there's room for a jib jlink plugin?
-
Demystifying Google Container Tool Jib: A Java Image Builder
Since there are no package managers installed and you cannot do ssh to your container running with distroless base image makes them hard for debugging. In an ideal world, you would add better logging then you know enable shell access for your containers. But there are ways with which you can add shell support and debug your application.
- Lightweight and Performance Dockerfile for Node.js
-
Embed CA root certificates in your Go program. What time/tzdata is for the time zone database is this package for the CA root certificates.
And another alternative is https://github.com/GoogleContainerTools/distroless
-
Is there a lighter-weight python:3 container besides "from docker:3"
One of the gotchas with the Python distroless images is that the supported way of bringing in dependencies is with the rules_python bazel directive and not via Dockerfile directives which is more widely known. I still prefer using `pip3 install` in the build image and just copying over directories as needed, but it gets a little bit trickier (may require some trial & error) when there are compiled/lib dependencies but is completely usable.