distroless
Minimal Docker images containing only your application and runtime dependencies, without package managers or shells.
What is distroless?
Distroless is a collection of language-focused Docker images that strip away the operating system, leaving only the essential runtime dependencies for an application. It solves the problem of bloated container images by removing package managers, shells, and other standard Linux distribution components, resulting in significantly smaller images and a reduced attack surface. This approach follows security best practices established by Google and other tech giants using containers at scale.
Developers and DevOps engineers building production-ready containerized applications who prioritize security, minimal image size, and adherence to container best practices. It is particularly relevant for teams deploying applications on Kubernetes, Knative, Tekton, or similar container orchestration platforms.
Developers choose Distroless over alternatives like Alpine or Debian base images because it provides the smallest possible runtime images (as small as 2 MiB), drastically reduces the attack surface by eliminating unnecessary components, and improves the signal-to-noise ratio for vulnerability scanners. Its language-specific runtimes and support for non-root execution offer a secure, production-optimized foundation without the overhead of a full OS.
Overview
🥑 Language focused docker images, minus the operating system.
Use Cases
Best For
Related Projects
Found a gem we're missing?
Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.
