Hardened Image

A hardened container image is a base image built with security as the primary concern — removing unnecessary packages, running as a non-root user, using minimal distributions (Alpine, distroless), and applying CIS benchmarks for container configuration. Hardened images reduce attack surface by eliminating tools that attackers could use post-exploitation (package managers, shells, curl) while maintaining only what the application needs to function.

Organizations maintain approved hardened base images that application teams extend.