distroless/static
PatchedBase & Utilitiesfrom
gcr.io/distroless/staticPull Reference
ghcr.io/verity-org/distroless/static
docker pull ghcr.io/verity-org/distroless/static
Available Versions
nonrootlatest
latest
debug-nonroot
debug
Copa-Patched Image
Patched in-place from the upstream image usingCopa. OS-level vulnerabilities are fixed without rebuilding \u2014 same layers, same behavior, fewer CVEs.
Supply Chain
Full compliance detailsSignedSLSA L3SBOMRekor
Verify this artifact
Cosign signature
cosign verify \ --certificate-identity-regexp "https://github.com/verity-org/verity/.github/workflows/" \ --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \ ghcr.io/verity-org/distroless/static:nonroot
Build provenance
gh attestation verify \ oci://ghcr.io/verity-org/distroless/static:nonroot \ --owner verity-org
Vulnerability Scan
No vulnerabilities detected in the latest scan.
Source
Copa (in-place patch)
Platforms
linux/amd64, linux/arm64
Registry
ghcr.io/verity-org
Upstream
gcr.io/distroless/static
Version
nonroot