centersl/docker-docs
1
0
Fork 0
mirror of https://github.com/docker/docs.git synced 2026-03-27 14:28:47 +07:00
Code Issues Packages Projects Releases Wiki Activity

Update distroless.md (#23259)

Browse Source 
`###` should be `##`

<!--Delete sections as needed -->

## Description

<!-- Tell us what you did and why -->

## Related issues or tickets

<!-- Related issues, pull requests, or Jira tickets -->

## Reviews

<!-- Notes for reviewers here -->
<!-- List applicable reviews (optionally @tag reviewers) -->

- [ ] Technical review
- [ ] Editorial review
- [ ] Product review
This commit is contained in:
Tadashi Nemoto
2025-08-21 02:01:34 +09:00
committed by GitHub
parent 5da235a98b
commit d6ad97fbd7
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
content/manuals/dhi/core-concepts/distroless.md
View File

@@ -17,7 +17,7 @@ Images](../../docker-hub/image-library/trusted-content.md#verified-publisher-ima
follow similar best practices for minimalism and security but may not be as
stripped down to ensure compatibility with a wider range of use cases.
### What are minimal or distroless images?
## What are minimal or distroless images?
Traditional container images include a full OS, often more than what is needed
to run an application. In contrast, minimal or distroless images include only:
@@ -36,7 +36,7 @@ They typically exclude:
Docker Hardened Images are based on this model, ensuring a smaller and more
secure runtime surface.
### What you gain
## What you gain
| Benefit | Description |
|------------------------|-------------------------------------------------------------------------------|
@@ -45,7 +45,7 @@ secure runtime surface.
| Improved security | Lack of shell and package manager limits what attackers can do if compromised |
| Better compliance | Easier to audit and verify, especially with SBOMs and attestations |
### Addressing common tradeoffs
## Addressing common tradeoffs
Minimal and distroless images offer strong security benefits, but they can
change how you work with containers. Docker Hardened Images are designed to
@@ -60,7 +60,7 @@ maintain productivity while enhancing security.
By balancing minimalism with practical tooling, Docker Hardened Images support
modern development workflows without compromising on security or reliability.
### Best practices for using minimal images
## Best practices for using minimal images
- Use multi-stage builds to separate build-time and runtime environments
- Validate image behavior using CI pipelines, not interactive inspection