Distroless Alternatives
Similar projects and alternatives to distroless
-
-
-
Scout APM
Less time debugging, more time building. Scout APM allows you to find and fix performance issues with no hassle. Now with error monitoring and external services monitoring, Scout is a developer's best friend when it comes to application development.
-
spring-boot-jib
This project is about Containerizing a Spring Boot Application With Jib
-
-
-
-
-
SonarQube
Static code analysis for 29 languages.. Your projects are multi-language. So is SonarQube analysis. Find Bugs, Vulnerabilities, Security Hotspots, and Code Smells so you can release quality code every time. Get started analyzing your projects today for free.
-
-
docker-socket-proxy
Proxy over your Docker socket to restrict which requests it accepts
-
example-bazel-monorepo
🌿💚 Example Bazel-ified monorepo, supporting Golang, Java, Python, Scala, and Typescript
-
-
-
fastapi
FastAPI framework, high performance, easy to learn, fast to code, ready for production
-
Lean and Mean Docker containers
DockerSlim (docker-slim): Don't change anything in your Docker container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
-
-
buildkit
concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit
-
-
-
-
distroless reviews and mentions
- How to Containerize a Golang App With Docker for Development and Production
-
Minikube now supports rootless podman driver for running Kubernetes
Unikernel is what you're interested in, but it's not as easy as taking some Linux-based server software and spitting out a bootable image for bare metal. If you strip the kernel and OS out you lose the network stack and all kinds of system services that most software depends on directly.
I think Google's distroless container images are worth checking out as a quasi-alternative: https://github.com/GoogleContainerTools/distroless You use them as a base for a docker image and copy in your server code. These images are tailor made to strip out _everything_ that's not necessary to run the software--there's no shell for example. So you're still running a Linux kernel, libc, etc. but there's nothing there for an attacker to use other than your app code.
-
I heard docker container does not need an OS for runing but i think the os is base image ?
For many applications that I work with, we use a distroless build - https://github.com/GoogleContainerTools/distroless
-
The Promise of WASM
As a result - the web is full of tutorials on how to make your images smaller. There are distroless containers. There's even smart (did anyone say AI?) software to analyze your containers and reduce their size. It all looks a bit upside down. The tech is built on packaging a lot of redundant stuff and we now need more tech to clean up the mess. Why not build it right from the get go by only packaging what we need?
-
Single Stage and Multi Stage Dockerfiles for Rust Apps
meh, distroless image for final image is much better than debian-slim that is if you have OpenSSL.
-
Distroless Alpine
In my day job, we've been using Google's Distroless images for some time. The benefits of this are well known: smaller image and attack surface. However, what we didn't expect is to still to have to deal with a significant amount of toil dealing with vulnerability triage (see Snyk output below for distroless/base). It could be argued our SDLC is a little, clunky and we're not quite ready for scratch (Graal, Golang, etc.,) images yet so what can we do in the interim? 🤔
-
Running Containers on AWS Lambda
Not surprising if you think about it. In the final stage your artifact is a static binary. When paired with a base image like distroless it’s about as lean as any image can get
- Stop root docker login
- Step-by-step to learn writing Dockerfile for Go apps.
-
I will never return back to Node.JS after writing Go
A lot of services won’t work with scratch, but the static distroless is pretty close size-wise.
I mostly use distroless these days. It includes a few things like time zone and root certificate files. See here https://github.com/GoogleContainerTools/distroless/blob/main/examples/go/Dockerfile
-
Chainguard: It's All About That Base Image
A lot can probably be mitigated by using base images like distroless.
-
Ask HN: Who operates at scale without containers?
Google's debian-based distroless is fascinating: https://github.com/GoogleContainerTools/distroless
-
How to make Docker images even smaller
If you decouple you build from your packaging you can also use from-scratch containers. You can also use distroless' static image [0] to get a posix-y environment with as little space as possible. Total image size of the static image is ~2.4mb and it comes with a `nonroot` user configured to lock down your perms and packages like ca-certs that are often forgotten.
You can make use of this with multistage builds or with build systems like Bazel and Please.build.
[0] - https://github.com/GoogleContainerTools/distroless/blob/main...
Stats
GoogleContainerTools/distroless is an open source project licensed under Apache License 2.0 which is an OSI approved license.
Popular Comparisons
Are you hiring? Post a new remote job listing for free.