https://me.harvester.fr/tags/distroless/DistrolessHugoBlox Kit (https://hugoblox.com)en-usSat, 25 May 2024 00:00:00 +0000https://me.harvester.fr/media/icon_hu_59c72f5082cfcb9b.pnghttps://me.harvester.fr/tags/distroless/https://me.harvester.fr/project/chainguard-images/Sat, 25 May 2024 00:00:00 +0000https://me.harvester.fr/project/chainguard-images/<p><strong>chainguard-images</strong> is a curated collection of secure, minimal, and production-ready container images built on top of Chainguard&rsquo;s distroless base images (Wolfi/Apko). By stripping out unnecessary tools, shells, package managers, and libraries, these images achieve an extremely small footprint and approach a <strong>Zero-CVE</strong> status by design.</p> <p>This collection packages various applications and language runtimes, ensuring secure-by-default execution in modern container orchestration stacks.</p> <h3 id="security-benefits-of-distroless">Security Benefits of Distroless</h3> <ul> <li><strong>Minimizing Attack Surface:</strong> Removing standard shell binaries (<code>/bin/sh</code>, <code>/bin/bash</code>) and diagnostic tools prevents attackers from executing arbitrary commands upon compromise.</li> <li><strong>Vulnerability reduction:</strong> Eliminating unused packages results in container images that trigger fewer CVE alerts in security scanners.</li> <li><strong>Secure Ingestion:</strong> Optimized for high-assurance and air-gapped container registries that require signed, low-overhead artifacts.</li> <li><strong>Reproducible Builds:</strong> Compiled using secure and verifiable declarative build files.</li> </ul>