# GoogleContainerTools/distroless

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/googlecontainertools-distroless).**

22,254 stars · 1,353 forks · Starlark · apache-2.0

## Links

- GitHub: https://github.com/GoogleContainerTools/distroless
- awesome-repositories: https://awesome-repositories.com/repository/googlecontainertools-distroless.md

## Topics

`bazel` `docker`

## Description

Distroless provides a collection of security-hardened, minimal base container images designed to reduce attack surfaces by excluding non-essential system utilities, package managers, and shells. These images are constructed to contain only an application and its specific runtime dependencies, enforcing the principle of least privilege by configuring environments for non-root execution.

The project distinguishes itself through a focus on supply chain integrity and reproducible builds. It utilizes declarative build configurations to track package versions and validates container image integrity through cryptographic signatures. By bundling language-specific runtimes—including Java, Python, and JavaScript—alongside statically linked dependencies, it ensures that production environments remain consistent and free of unnecessary binaries.

The project supports diverse infrastructure requirements by generating multi-architecture image manifests from single source definitions. While the default images are stripped down for security, the project also provides optional debug-enabled variants that include essential troubleshooting tools. Comprehensive package metadata is exposed to facilitate auditing and verification of all software components within the container environment.

## Tags

### DevOps & Infrastructure

- [Container Base Images](https://awesome-repositories.com/f/devops-infrastructure/container-base-images.md) — Offers minimal, language-specific container base images containing only essential runtime dependencies.
- [Container Image Packaging](https://awesome-repositories.com/f/devops-infrastructure/container-image-packaging.md) — Bundles applications into stripped-down container images containing only essential dependencies to minimize attack surfaces. ([source](https://github.com/GoogleContainerTools/distroless#readme))
- [Container Image Optimizers](https://awesome-repositories.com/f/devops-infrastructure/container-orchestration/image-management-tools/container-image-optimizers.md) — Ships stripped-down container images containing only essential application dependencies to minimize attack surfaces.
- [Minimalist Runtimes](https://awesome-repositories.com/f/devops-infrastructure/container-security/minimalist-runtimes.md) — Executes applications in stripped-down container environments that exclude shells and package managers.
- [Image Integrity Verification](https://awesome-repositories.com/f/devops-infrastructure/container-images/image-integrity-verification.md) — Validates digital signatures of container images to ensure only trusted code is deployed. ([source](https://github.com/GoogleContainerTools/distroless/blob/main/WORKSPACE))
- [Container Images](https://awesome-repositories.com/f/devops-infrastructure/container-images.md) — Triggers automated container image builds to ensure registries contain the latest runtime versions. ([source](https://github.com/GoogleContainerTools/distroless/blob/main/RELEASES.md))
- [Multi-Architecture Images](https://awesome-repositories.com/f/devops-infrastructure/containerization/image-building/multi-architecture-images.md) — Generates cross-platform container images from single source definitions to support diverse hardware architectures.
- [Multi-Architecture Deployments](https://awesome-repositories.com/f/devops-infrastructure/multi-architecture-deployments.md) — Builds container images for diverse hardware platforms to ensure compatibility across different infrastructure targets. ([source](https://github.com/GoogleContainerTools/distroless/blob/main/distro.bzl))
- [Static Dependency Bundlers](https://awesome-repositories.com/f/devops-infrastructure/dependency-resolution/static-dependency-bundlers.md) — Bundles required system libraries and runtimes into self-contained environments to ensure execution without external tools.
- [Compiled Binaries](https://awesome-repositories.com/f/devops-infrastructure/distribution-packaging/software-distribution/compiled-binaries.md) — Bundles minimal Linux runtime environments to execute statically compiled binaries without unnecessary system tools. ([source](https://github.com/GoogleContainerTools/distroless/tree/main/cc))
- [Version Tracking Tools](https://awesome-repositories.com/f/devops-infrastructure/cicd-pipeline-automation/version-tracking-tools.md) — Maintains lists of specific package versions from supported distributions to ensure reproducible container builds. ([source](https://github.com/GoogleContainerTools/distroless/blob/main/SECURITY.md))
- [Package Metadata](https://awesome-repositories.com/f/devops-infrastructure/package-metadata.md) — Exposes comprehensive package metadata and checksums to facilitate auditing of software components. ([source](https://github.com/GoogleContainerTools/distroless/blob/main/PACKAGE_METADATA.md))

### Security & Cryptography

- [Hardened Container Images](https://awesome-repositories.com/f/security-cryptography/hardened-container-images.md) — Provides standardized, security-hardened base container images designed to reduce attack surfaces.
- [Supply Chain Integrity](https://awesome-repositories.com/f/security-cryptography/hardened-container-images/supply-chain-integrity.md) — Validates container image integrity through cryptographic signatures and detailed package metadata.
- [Provenance Verification](https://awesome-repositories.com/f/security-cryptography/provenance-verification.md) — Validates container image integrity through cryptographic signatures to ensure supply chain security.
- [Secure Execution Environments](https://awesome-repositories.com/f/security-cryptography/secure-execution-environments.md) — Deploys production applications within hardened, non-root execution environments that exclude unnecessary system tools.
- [Container Hardening](https://awesome-repositories.com/f/security-cryptography/security/infrastructure-and-hardware/infrastructure-system-hardening/linux-security-hardening/container-hardening.md) — Enforces non-root execution and minimal system access to reduce the attack surface of containerized applications.
- [Least Privilege Enforcement](https://awesome-repositories.com/f/security-cryptography/least-privilege-enforcement.md) — Configures container images to run applications with restricted user privileges to enforce least privilege. ([source](https://github.com/GoogleContainerTools/distroless/blob/main/examples/java/BUILD))

### Development Tools & Productivity

- [Build Configurations](https://awesome-repositories.com/f/development-tools-productivity/build-tooling/build-orchestration-logic/build-orchestration-configuration/build-configuration-systems/build-configurations.md) — Uses structured build files to define exact package versions and contents for reproducible container images.
- [Rootfs Construction](https://awesome-repositories.com/f/development-tools-productivity/minimalist-software-distributions/rootfs-construction.md) — Builds container images by assembling only essential runtime dependencies while omitting shells and package managers.

### Programming Languages & Runtimes

- [Container Runtimes](https://awesome-repositories.com/f/programming-languages-runtimes/programming-language-varieties/programming-languages/dynamic-scripting-languages/python/container-runtimes.md) — Provides language-specific runtime environments packaged into minimal, secure container images. ([source](https://github.com/GoogleContainerTools/distroless/blob/main/python3/README.md))
- [Multi-Language Runtimes](https://awesome-repositories.com/f/programming-languages-runtimes/python-language-features/multi-language-runtimes.md) — Packages Java, Python, and JavaScript applications into optimized, minimal runtime images.
- [JavaScript Runtimes](https://awesome-repositories.com/f/programming-languages-runtimes/runtime-execution-environments/javascript-runtimes.md) — Executes JavaScript applications within minimal container environments containing only necessary runtime dependencies. ([source](https://github.com/GoogleContainerTools/distroless/blob/main/nodejs/README.md))
- [Java Virtual Machine Runtimes](https://awesome-repositories.com/f/programming-languages-runtimes/runtime-execution-environments/runtime-environments/language-runtimes/java-virtual-machine-runtimes.md) — Bundles Java applications into minimal container images containing only necessary runtime dependencies. ([source](https://github.com/GoogleContainerTools/distroless/tree/main/java))

### Operating Systems & Systems Programming

- [Base Image Distributions](https://awesome-repositories.com/f/operating-systems-systems-programming/system-administration-maintenance/base-image-distributions.md) — Maintains standardized base images derived from specific operating system releases. ([source](https://github.com/GoogleContainerTools/distroless/blob/main/distro.bzl))

### Data & Databases

- [Library Lookup Caches](https://awesome-repositories.com/f/data-databases/data-governance-modeling/data-management-governance/database-infrastructure-components/caching-libraries/library-lookup-caches.md) — Pre-generates library search paths to allow applications to locate dependencies within restricted file systems.
