2 repositorios
The process of minimizing the attack surface of a container by removing unnecessary binaries and tools.
Distinct from Attack Surface Analysis: Distinct from general Attack Surface Analysis as it focuses on the concrete removal of components from the image.
Explore 2 awesome GitHub repositories matching security & cryptography · Container Surface Reduction. Refine with filters or upvote what's useful.
Distroless provides a set of OCI-compliant minimal base images and hardening tools designed to create secure, language-specific execution environments. These images are stripped of non-essential system binaries, shells, and package managers to reduce the container attack surface. The project utilizes upstream-tracked automated patching to monitor operating system releases and generate updated images when security vulnerabilities are addressed. It ensures supply chain integrity through image provenance verification using ephemeral-key digital signatures. The system supports the generation of
Limits security exploit vectors by removing shells, package managers, and unnecessary binaries from images.
Unikraft is a modular library operating system and unikernel framework designed to compile applications into minimal, bootable virtual machine images. It serves as an OCI-compliant image builder and a cloud-native hypervisor target, enabling the creation of specialized runtimes that include only the specific drivers and libraries required by a single application. The system features a Linux compatibility layer that maps standard API calls and POSIX standards to unikernel libraries, allowing unmodified binaries to run without a full general-purpose kernel. It distinguishes itself by allowing c
Minimizes the attack surface by removing unnecessary shells and services from the runtime environment.