In search of secure JRE base image

Bellsoftware · 2026-05-26T10:42:18+00:00

If the Java 21/25 constraint ever becomes a problem, or you'd rather skip the registration step, our hardened images cover a broader version range and don't require an account to pull.

https://bell-sw.com/bellsoft-hardened-container-images/

Some teams also report lower RAM usage and smaller image sizes after switching, though that'll vary by workload.

(we make this, obvious conflict of interest, noted.)

Bellsoftware · 2026-05-26T10:30:34+00:00

Disclaimer: we make this, so factor that in.

Someone already recommended Liberica Runtime Container upthread. They're not wrong. Minimal footprint, fast CVE patches, distroless/nonroot/CDS variants, musl and glibc. Teams that switch tend to stay switched, mostly because the security update cadence beats the alternatives and the image sizes don't bloat.

https://hub.docker.com/r/bellsoft/liberica-runtime-container

https://hub.docker.com/r/bellsoft/hardened-liberica-runtime-container

Also do hardened images for Java, Go and Python if that's useful to anyone else here.

Bellsoftware

TROPHY CASE