distroless

🥑 Language focused docker images, minus the operating system. (by GoogleContainerTools)

Stats

Basic distroless repo stats
4
9,386
8.1
2 days ago

GoogleContainerTools/distroless is an open source project licensed under Apache License 2.0 which is an OSI approved license.

Distroless Alternatives

Similar projects and alternatives to distroless

  • GitHub repo dive

    A tool for exploring each layer in a docker image

  • GitHub repo dockerfiles

    Various Dockerfiles I use on the desktop and on servers.

  • GitHub repo jib

    🏗 Build container images for your Java applications.

  • GitHub repo bocker

    Docker implemented in around 100 lines of bash

  • GitHub repo API

    Documentation and Samples for the Official HN API

  • GitHub repo podman

    Podman: A tool for managing OCI containers and pods

  • GitHub repo hadolint

    Dockerfile linter, validate inline bash, written in Haskell

  • GitHub repo Sandboxie

    Sandboxie - Open Source

  • GitHub repo buildkit

    concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit

  • GitHub repo whalebrew

    Homebrew, but with Docker images

  • GitHub repo https-everywhere

    A browser extension that encrypts your communications with many websites that offer HTTPS but still allow unencrypted connections.

  • GitHub repo image-spec

    OCI Image Format

  • GitHub repo diun

    Receive notifications when an image is updated on a Docker registry

  • GitHub repo docker-socket-proxy

    Proxy over your Docker socket to restrict which requests it accepts

  • GitHub repo amber-docs

    https://openjdk.java.net/projects/amber

  • GitHub repo rootcerts

    Go package to embed the Mozilla Included CA Certificate List

  • GitHub repo community

    Community content for the Cloud Native Buildpacks (CNB) project (by buildpacks)

  • GitHub repo packages.redbeardlab.com

  • GitHub repo macondo

    generic, polyglot commands platform

  • GitHub repo spring-boot-jib

    This project is about Containerizing a Spring Boot Application With Jib

NOTE: The number of mentions on this list indicates mentions on common posts. Hence, a higher number means a better distroless alternative or higher similarity.

Posts

Posts where distroless has been mentioned. We have used some of these posts to build our list of alternatives and similar projects - the last one was on 2021-04-04.
  • Ask HN: Do I need to containerize my Go service?
    news.ycombinator.com | 2021-04-17
    Personally I don't use Docker containers for Go applications, but there is nothing wrong with putting everything in Docker for consistency. Most projects I know use Docker, even when its not needed, just for the consistency.

    One minimal Docker option with Go is to use a "distroless" Docker image: https://github.com/GoogleContainerTools/distroless/blob/main...

  • Show HN: I wrote an HN bot to suggest HTTPS url when people post HTTP URLs
    news.ycombinator.com | 2021-04-04
    My code only use the 10KiB blobs for comparison, so as long as I don't have any buffer overflow bug the actual content doesn't matter. Even if I had a buffer overflow bug, I'm running the code through Docker with distroless based image [0], so that helps a little as well. I guess I can also change docker's runtime from runc to runsc [1] to help mitigate further, but I don't really see that as necessary as it's quite hard to have buffer overflow bugs in go code.

    [0]: https://github.com/GoogleContainerTools/distroless

  • A categorized list of all Java and JVM features since JDK 8 to 16
    news.ycombinator.com | 2021-04-01
  • The worst so-called “best practice” for Docker
    Have ended up using the google distroless base images (https://github.com/GoogleContainerTools/distroless) for Go and Java code to keep the potential attack surface as small as possible - with the added bonus that the produced containers are pretty small.
  • Docker & Dockerfile Security Cheat Sheet
    reddit.com/r/docker | 2021-03-14
    Bonus1: Do not forget to use distroless/static:nonroot images, if possible.
  • Announcing Spring Native Beta
    reddit.com/r/java | 2021-03-12
    here's the full list of libraries required by java, on top of the onces from base.
    reddit.com/r/java | 2021-03-12
    Thanks for sharing this. Wondering why are using java-debian10:base instead of https://github.com/GoogleContainerTools/distroless/tree/master/base since it packages the runtime?
    reddit.com/r/java | 2021-03-12
    We do. As of this pr, you can use distroless with your own jlink + spring boot.
  • What are your Dockerfile best practices? And which ones are harder to implement?
    reddit.com/r/docker | 2021-03-09
    This: https://github.com/GoogleContainerTools/distroless
  • Building Docker Images the Proper Way
    dev.to | 2021-02-01
    It's generally hard to find/avoid vulnerabilities in Docker images but it can made a little easier if the image includes only the bare minimum needed to run the application. One such image - or rather set of images - is Distroless made by Google. Distroless images are trimmed down to the point that they don't even have shells or package managers, which makes them much better security-wise than Debian or Alpine-based images. If you're using multi-step Docker build, then most of the time, switching to Distroless runner image is as simple as this:
  • Containerizing Apps with jlink - A JDK utility greatly facilitates containerizing your applications
    reddit.com/r/java | 2021-01-23
    You phrase this question like it's either or, when you can use both at the same time. You'd build the jlink image either elsewhere or as part of your build step, then would use that image as your base image, or copy the files in as additional files in maven or gradle. Still a bit involved tho, perhaps there's room for a jib jlink plugin?
  • Demystifying Google Container Tool Jib: A Java Image Builder
    dev.to | 2021-01-20
    Since there are no package managers installed and you cannot do ssh to your container running with distroless base image makes them hard for debugging. In an ideal world, you would add better logging then you know enable shell access for your containers. But there are ways with which you can add shell support and debug your application.
  • Lightweight and Performance Dockerfile for Node.js
    reddit.com/r/node | 2021-01-19
  • Embed CA root certificates in your Go program. What time/tzdata is for the time zone database is this package for the CA root certificates.
    reddit.com/r/golang | 2021-01-17
    And another alternative is https://github.com/GoogleContainerTools/distroless
  • Is there a lighter-weight python:3 container besides "from docker:3"
    reddit.com/r/docker | 2021-01-07
    One of the gotchas with the Python distroless images is that the supported way of bringing in dependencies is with the rules_python bazel directive and not via Dockerfile directives which is more widely known. I still prefer using `pip3 install` in the build image and just copying over directories as needed, but it gets a little bit trickier (may require some trial & error) when there are compiled/lib dependencies but is completely usable.