A typical container image carries over 600 known vulnerabilities, nearly half of them years old and for Java workloads, the risk is particularly acute.
To address this BellSoft is announcing Hardened Images, a tool for enhancing the security and compliance of containerized applications in Kubernetes.
Container hardening systematically secures images, configurations and runtimes from the start. By embedding security controls into every stage of the container lifecycle, organizations can protect workloads against misconfigurations, unauthorized access and supply chain risks while meeting increasingly stringent regulatory requirements.
BellSoft Hardened Images are minimized container images that remove package managers and non-essential components, significantly reducing vulnerabilities and limiting potential attack vectors. These images feature a locked configuration that cannot be modified, minimizing the risk of attackers introducing malware or tampering with the runtime environment.
“BellSoft Hardened Images is a response to the growing demand in the market for secure, high-performance container solutions and is consistent with our commitment to providing the most complete and reliable Java experience,” says Aleksei Voitylov, CTO at BellSoft. “By combining expert Java runtime optimization, proactive CVE remediation and a lightweight, flexible foundation, our hardened images give organizations a secure, audit-ready platform that reduces vulnerabilities, improves performance and simplifies migration. This solution not only protects critical workloads from emerging threats but also frees developers to focus on innovation rather than managing security risks, delivering measurable value across IT and business operations.”
BellSoft’s images are based on Alpaquita Linux, a lightweight open-source distribution. Hardened Images remove unnecessary packages and components that often bloat containers, minimizing potential vulnerabilities and limiting exploitable entry points for attackers.
The solution delivers continuous monitoring, proactive patch development and timely security updates, helping organizations maintain containers with virtually no known vulnerabilities. It also features an immutable component set that prevents unauthorized modifications, malware installation and tampering, ensuring that the runtime environment remains secure and stable.
It includes a detailed Software Bill of Materials (SBOM), simplifying audits and supporting regulatory and security compliance requirements with minimal effort.
You can find out more on the BellSoft site and Hardened Images will be demonstrated at KubeCon 2025 in Atlanta, from today until Thursday.
Image credit: Sergey Novikov/Dreamstime.com
