Koala's Hardened OSS Container Images

Distroless security with distro-like experience

What are Koala Images?

Koala Images are hardened, vulnerability-free base container images covering the whole cloud-native stack.

Koala’s minimal distroless images are built on 0-deb, Koala’s Debian-inspired, container-first Linux distro. This allows Koala images to be bloat-free and vulnerability-free, and Koala’s custom hardening makes the container images “hardened out of the box”.

For example, Koala provides hardened, minimal 0-deb-based images for python, jdk, jre, nginx, etc., which are alternatives to the corresponding base container images available on Docker Hub.

Problem

Modern applications are built on 90% open-source code, which comes with its own code vulnerabilities (CVEs), leading to:

  • Security teams managing CVE sprawl

  • Developer toil in upgrading and patching built software

How are Koala Images built?

Koala Images are built using Debflow and C(apt)ain:

  • Archive of minimal deb packages: Debflow tooling allows Koala to repackage all upstream OSS packages into a minimal package format.

  • C(apt)ain: a portable package manager for Koala’s packages that creates minimal container images from the archive of minimal deb packages.

  • Hardened out of the box: Koala hardens the images created through C(apt)ain to provide the best version of base container images.

Features of Koala Images

Koala images are 0CVE (vulnerability-free), hardened, rebuilt daily, and remain up to date.

Features include:

  1. Hardened out of the box

    • Rootless

    • Least privilege container

  2. Reproducible

    • Each Koala deb package is to be shipped with its build environment specs and build steps so that the same package can be built each time.

  3. Trust

    • SLSA attestation during Koala’s build process for packages and containers, for trust across the whole software supply chain.

  4. Build-time SBOM

    • Koala has precise control over the SBOM of the containers. Since Koala rebuilds open source from the ground up, it is able to provide a build-time SBOM for each container, which is precise and more accurate.

  5. Bespoke use cases / Customize your image

    • Koala’s tight control over the SBOM of the containers and its custom minimal package archive allow Koala to provide customized images for any bespoke use case.

Summary

KoalaLab’s secure OSS containers change the paradigm of application security by providing enterprise developers with code containers that have up to 97% fewer vulnerabilities.

KoalaLab’s containers enable distroless security with a familiar developer experience, since they are built on 0-deb, Koala’s Debian-inspired, container-first distro.

Use Koala’s container images to:

  • Build secure applications

  • Reduce CVE sprawl

  • Unlock developer productivity

  • Accelerate compliance