Skip to content

swantron/secure-base-images

Repository files navigation

Secure Base Images

Minimal, security-hardened base image for static Go binaries. Distroless, non-root, zero vulnerabilities.

Usage

FROM swantron/secure-base:latest
COPY myapp /app
ENTRYPOINT ["/app"]

Features

  • Distroless base (no shell, no package manager)
  • Non-root user (uid 65532)
  • Automated Trivy security scanning
  • Build fails on CRITICAL/HIGH vulnerabilities
  • Comprehensive integration tests

Setup

  1. Add GitHub Secrets:

    • DOCKERHUB_USERNAME
    • DOCKERHUB_TOKEN
  2. Create a release:

    git tag v1.0.0
    git push origin v1.0.0

The workflow automatically builds, scans, and publishes to Docker Hub.

Testing

Run integration tests locally:

./test.sh

Tests verify: non-root user, no shell access, no package manager, CA certificates, minimal size, and read-only filesystem support.

License

MIT

About

distroless docker base for static go binaries. zero vulns, no shell, non-root.

Resources

License

Security policy

Stars

0 stars

Watchers

0 watching

Forks

Packages

 
 
 

Contributors