Containers & Docker
Distroless Container Image Reference
Search distroless image variants by runtime or use case. Covers distroless/static, distroless/base, Java images, debug variants, and CVE reduction impact.
Calculations run locally in your browserTool
About this tool
Distroless Container Image Reference
The Distroless Container Image Reference covers static, base, java, and language-specific distroless image variants with debug access patterns and CVE reduction impact.
• Find the correct distroless image for a Go binary compiled with CGO disabled
• Look up distroless debug image syntax before attaching to a distroless container
• Compare distroless vs alpine CVE counts for a security audit
• Reference distroless Java image variants before choosing between JRE and JDK base
Next step
Container Base Image Comparison — Compare container base images by size, compatibility, and attack surface for your runtime.
Open Container Base Image Comparison →
FAQ
What does this tool tell you?
The Distroless Container Image Reference covers static, base, java, and language-specific distroless image variants with debug access patterns and CVE reduction impact.
What affects the result most?
distroless/static: no libc — only for statically compiled binaries (Go, Rust with musl). distroless/base: glibc + libssl — for dynamically linked binaries, no shell or package manager. distroless/java21: JVM + OpenJDK — no JDK tools, only runtime, ~200MB.
How should I use the result?
Use this tool to orient quickly to the concepts, field names, or values you are about to look up in a full specification or vendor documentation. It summarizes the common cases; the authoritative source remains whichever standard or vendor doc defines the values themselves.
Related tools