BellSoft Unveils Hardened Java Images
Briefly

"BellSoft has unveiled a new container security solution designed to tackle the growing vulnerability crisis in enterprise software supply chains. Announced at KubeCon 2025, the new 'Hardened Images' offering combines Java runtime optimisation, operating system hardening and proactive CVE remediation. According to the press release, BellSoft claims this unified approach can reduce known vulnerabilities by 95 per cent while lowering resource consumption by up to 30 per cent."
"Container security remains a persistent challenge for development teams, with BellSoft citing industry data from NetRise suggesting that a typical container image can harbour over 600 known vulnerabilities. Java workloads face specific risks; the announcement reports that nearly half of all Java services currently contain known-exploited vulnerabilities, compared to significantly lower rates in Go and other languages. This new release attempts to mitigate these risks by embedding security controls directly into the container lifecycle, addressing the increasing demand for 'shift-left' security strategies."
"The technical foundation of these images is Alpaquita Linux, a lightweight distribution created by BellSoft that utilises BusyBox and APK. This addresses a common friction point for developers migrating from standard Linux distributions, who often face compatibility issues when moving to minimal, musl-only environments like Alpine Linux. To achieve hardening, the images are minimised by removing package managers and non-essential components, effectively locking the configuration. This immutability aims to prevent attackers from introducing malware or tampering with the runtime environment."
BellSoft unveiled Hardened Images, a container security solution that combines Java runtime optimisation, operating system hardening, and proactive CVE remediation, which BellSoft claims can reduce known vulnerabilities by up to 95% and lower resource consumption by up to 30%. The offering targets the high vulnerability density in container images: the announcement notes that a typical image may contain over 600 known vulnerabilities and that nearly half of Java services contain known-exploited vulnerabilities. The images are built on Alpaquita Linux, a lightweight BusyBox/APK distribution designed to ease migration from standard Linux distributions. Hardening is achieved by removing package managers and non-essential components, locking the configuration, and providing detailed SBOMs. Liberica JDK Lite is included to improve efficiency.
Read at InfoQ