Explain the concept of a distroless image and its security benefits.
A distroless image contains only your application and its runtime dependencies (for example CA certificates, timezone data and, in the non-static variants, libc): no shell, no package manager, no OS utilities. The term comes from Google's distroless project, which publishes these base images.
Security benefits: Because there is no shell, `docker exec` or `kubectl exec` into a distroless container gives you nothing to run, and an attacker who gains code execution inside the application has no `sh`, `curl`, `wget` or package manager to work with. The attack surface is dramatically reduced because the standard Unix tools an attacker would normally use to explore the host, download tooling or move laterally are simply absent, and because the image ships far fewer packages, vulnerability scans report far fewer OS-level CVEs. The trade-off is debuggability: when you need a shell, use the image's `:debug` tag (which adds a busybox shell) only in non-production environments, or attach a Kubernetes ephemeral container with `kubectl debug` instead of baking tools into the production image.
# Distroless multi-stage example
# Stage 1: build a fully static binary. CGO_ENABLED=0 removes the libc
# dependency, which is what lets the binary run on the "static" base image.
FROM golang:1.22 AS builder
WORKDIR /app
COPY . .
RUN CGO_ENABLED=0 go build -o server .
# Stage 2: copy only the binary into the distroless base. Nothing from the
# build stage (toolchain, shell, package manager) ends up in the final image.
# The :nonroot tag of this image runs as an unprivileged user by default.
FROM gcr.io/distroless/static-debian12
COPY --from=builder /app/server /server
# Exec form is required: the shell form (CMD /server) is run via /bin/sh -c,
# and there is no /bin/sh in a distroless image.
CMD ["/server"]
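One practical consequence of "no shell, no curl" is that a Docker HEALTHCHECK or a Kubernetes exec probe cannot shell out to a tool; the binary has to do its own probing. The following Go program is an added example of what the `/server` binary in the Dockerfile above might look like; it is not code from the page or from the distroless project. The `/healthz` route, the `-probe` flag and port 8080 are assumptions for the example. Invoked as `/server -probe` (for instance from `HEALTHCHECK CMD ["/server", "-probe"]`, a line the page's Dockerfile does not include), it performs the HTTP check itself and exits non-zero on failure.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"os"
	"time"
)

// healthHandler is the liveness endpoint the server exposes.
func healthHandler(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "text/plain")
	w.WriteHeader(http.StatusOK)
	fmt.Fprint(w, "ok")
}

// newMux builds the routes separately from main so they can be exercised
// in a test without binding a real port.
func newMux() *http.ServeMux {
	mux := http.NewServeMux()
	mux.HandleFunc("/healthz", healthHandler)
	return mux
}

// probe does the health check from inside the binary: a distroless image has
// no curl, wget or shell, so a HEALTHCHECK or exec probe cannot use them.
// It returns nil only for an HTTP 200 within the timeout.
func probe(url string, timeout time.Duration) error {
	ctx, cancel := context.WithTimeout(context.Background(), timeout)
	defer cancel()
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)
	if err != nil {
		return err
	}
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("unhealthy: status %d", resp.StatusCode)
	}
	return nil
}

func main() {
	// Assumed flag for this example: "/server -probe" runs the check and
	// exits 0 (healthy) or 1 (unhealthy), which is all a HEALTHCHECK needs.
	if len(os.Args) > 1 && os.Args[1] == "-probe" {
		if err := probe("http://127.0.0.1:8080/healthz", 2*time.Second); err != nil {
			fmt.Fprintln(os.Stderr, err)
			os.Exit(1)
		}
		return
	}
	srv := &http.Server{
		Addr:              ":8080",
		Handler:           newMux(),
		ReadHeaderTimeout: 5 * time.Second,
	}
	fmt.Fprintln(os.Stderr, srv.ListenAndServe())
}
```

Keeping the probe inside the application is the pattern to reach for whenever a container has no shell: the image stays minimal, and the health check still works without pulling curl or busybox back into production.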