KoalaLab Container Hardening Guide

See how Koala hardens and provides enterprise-ready base container images

Hardened Base Image

  • No package manager footprint in container image

  • No shell - eliminates entire classes of attacks

User & Permissions

  • Non-root user as default

  • Root login disabled in production images

Package Essentials

  • No VM-era baggage in containers

  • Minimal dependencies - No systemd, debconf, or other unnecessary components

Multi-stage builds

  • Separate builder and production base images using multi-stage builds to produce minimal images

Secure Software supply chain

Reproducibility & Trust: Image Signing & Verification

  • Provenance attestation for the entire supply chain, ensuring transparency of the source used to build packages and images

  • Images are signed with Cosign and can be verified against our GitHub identity

Build-time SBOM

  • Koala has precise control over the SBOM of the containers and can therefore provide build-time SBOMs, which are more precise and accurate.

Vulnerability Management

  • Daily image scanning to identify vulnerabilities

  • Daily image builds to keep dependencies up to date

Enterprise SLA

  • 7-day SLA for patching Critical and High vulnerabilities

  • 14-day SLA for patching Medium and Low vulnerabilities

Bespoke use cases / Customize your image

  • Koala’s tight control over the SBOM of the containers and its custom minimal package registry allow us to provide customized images for any bespoke use case.