distroless
distroless copied to clipboard
GoogleContainerTools
🥑 Language focused docker images, minus the operating system.
It seems builds [are supposed to be attested](https://security.googleblog.com/2021/09/distroless-builds-are-now-slsa-2.html) but they have not since November 28th 2021 Old image works: ```sh cosign verify-attestation --key https://raw.githubusercontent.com/GoogleContainerTools/distroless/main/cosign.pub gcr.io/distroless/base@sha256:4f8aa0aba190e375a5a53bb71a303c89d9734c817714aeaca9bb23b82135ed91 ``` Latest image does not...
AdoptOpenJDK has migrated to Eclipse foundation, and the new distribution of Java is called Temurin https://blog.adoptopenjdk.net/2021/03/transition-to-eclipse-an-update/ This is TCK certified https://www.infoq.com/news/2021/10/adoptium-releases-temurin-jdk/ It has debian packages https://blog.adoptium.net/2021/12/eclipse-temurin-linux-installers-available/ It has major vendor...
Working with [this commit](`495b891abf6e8d74af148a322fb3b362066958ca`). When I write `debian_packages.yaml`, I have to manually look up transitive dependencies from [debian packages](https://packages.debian.org/search). I guess that's maintainable-ish for a small number of packages. But...
Generally whenever distroless publishes new images, we see a rash of CI failures (e.g. cosigned e2e tests) because the tagged images aren't signed. Looking through, distroless is also unfortunately signing...
I found https://github.com/GoogleContainerTools/distroless/issues/217 when googling why I was encountering the error about the library libz.so.1 being missing when trying to launch a container from an image I built based on...
Hi all, Looking into using these images in my own development workflow but I'm finding it hard to see how to add in specific shared libraries where it's necessary for...
python3 images (both debian9 and debian10) contains manpage, document files. It seems useless because distroless doesn't provide shell access. These files are introduced with Python because they seem to be...
I've just tried one the examples (https://github.com/GoogleContainerTools/distroless/tree/master/examples/python3-requirements) and I see that I'm able to `docker run --entrypoint=sh -ti hello:latest` into it and start a python shell. Is that expected? This...
I have recently started to look into migrating our existing alpine OS based Java services to distroless images. And one thing I am missing is some kind of document to...
```shell % COSIGN_EXPERIMENTAL=1 cosign verify gcr.io/distroless/base:debug Error: no matching signatures: main.go:46: error during command execution: no matching signatures: ``` The others are signed though: ```shell $ COSIGN_EXPERIMENTAL=1 cosign verify gcr.io/distroless/base:nonroot...
Metadata
Owner
Metadata
🥑 Language focused docker images, minus the operating system.