https://github.com/ironpeakservices/iron-alpine
Hardened alpine linux baseimage for Docker.
https://github.com/ironpeakservices/iron-alpine
alpine docker
Last synced: 7 months ago
JSON representation
Hardened alpine linux baseimage for Docker.
- Host: GitHub
- URL: https://github.com/ironpeakservices/iron-alpine
- Owner: ironpeakservices
- License: apache-2.0
- Created: 2019-01-16T13:28:12.000Z (almost 7 years ago)
- Default Branch: master
- Last Pushed: 2025-03-20T04:48:33.000Z (7 months ago)
- Last Synced: 2025-04-05T01:08:23.377Z (7 months ago)
- Topics: alpine, docker
- Language: Dockerfile
- Homepage: https://github.com/ironPeakServices/iron-alpine
- Size: 208 KB
- Stars: 140
- Watchers: 4
- Forks: 14
- Open Issues: 9
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# ironpeakservices/iron-alpine
Hardened alpine linux baseimage for Docker.
Note: If you use Golang, build statically and use [iron-scratch](https://github.com/ironpeakservices/iron-scratch).
If you are using Java/Python/NodeJS/dotnet, use a [distroless image](https://github.com/GoogleContainerTools/distroless) instead.
```
# you can pull a global version (3), a series version (3.13) or a specific version (3.13.2)
docker pull ghcr.io/ironpeakservices/iron-alpine/iron-alpine:3
docker pull ghcr.io/ironpeakservices/iron-alpine/iron-alpine:3.13
docker pull ghcr.io/ironpeakservices/iron-alpine/iron-alpine:3.13.2
```
## How is this different?
- ca-certificates included
- /app for everything app-related; /app/conf, /app/tmp, /app/data
- no interactive shells for users
- removed unneccessary accounts, only 'app' and 'root' users
- removed crontabs
- removed dangerous commands and utilities
- strictened permissions on system files and directories
- removed temporary shadow/passwd/group
- removed suid/guid files
- removed init scripts
- removed kernel tunables
- removed /root/
- removed fstab
- post-install.sh:
- removes apk manager after installation
- sets permissions on /app after installation
## Example
`docker pull ghcr.io/ironpeakservices/iron-alpine:1.0.0`
See [the nginx example](example/).
## Update policy
Updates to the official alpine docker image are automatically created as a pull request and trigger linting & a docker build. When those checks complete without errors, a merge into master will trigger a deploy with the same version to packages.
## Additional
If you want, you can also enable vulnerability scanning during your build (for free).
Take a look at https://github.com/aquasecurity/microscanner