BellSoft Hardened Images

A single solution for security and support

Deploy with confidence using minimized images that protect against emerging CVEs and unauthorized changes, and simplify compliance

Get startedTalk to an expert
Minimization

Minimization

Smaller images, smaller attack surface — fewer CVEs and faster patching.

Container Hardening

Container Hardening

Immutable component set prevents misconfigurations and unauthorized changes.

CVE Management

CVE Management

Continuous monitoring and patching handled by BellSoft — freeing your team’s time.

Stop Paying Three Times for Security

  • Forced by regulations and compliance demands, enterprises often manage separate vendors for their container images — runtime and OS support, and vulnerability management contracts. This drives up costs, delays fixes, and leaves complex vulnerabilities unresolved.

  • With BellSoft Hardened Container Images, a single team covers the runtime, OS, and container security — all under one SLA. That means one point of contact for every issue, no integration overhead, and no vendor finger-pointing.Get Started

This Is What Secure Looks Like: 0 CVEs Instead of 34

METRICS
BELLSOFT
HARDENED IMAGE
OPENJDK
IMAGE
Total Vulnerabilities
0
34
Critical/High CVEs
0/0 CVEs
0/0 CVEs
Image Size
44.21 MB
132.28 MB
CVE remediation
SLA-backed
-
Support
YES
NO
down34

Fewer Vulnerabilities

BellSoft
Alternative
Total
0vs34
down100%
Critical
0vs0
equal0%
High
0vs0
equal0%
Medium
0vs22
down100%
Low
0vs12
down100%
Unknown
0vs0
equal0%

Build on a Secure Base:
Hardened Images with Near Zero CVEs

BellSoft Hardened Images are minimized container images that strip out the package managers and non-essential components, reducing vulnerabilities and limiting attacker entry points. With a locked configuration that can’t be modified, they minimize the risk of attackers introducing malware or tampering with the runtime.

BellSoft’s Images are built on Alpaquita Linux, a lightweight open-source distribution designed with BusyBox and apk. Alpaquita is offered in both musl and glibc variants. Combined with continuous CVE patching and enterprise support, BellSoft Hardened Images provide a secure, audit-ready foundation that protects your business and frees your team’s time.

More Than Hardened: Images Backed by BellSoft Expertise

Other hardened images stop at stripping packages and continuous patching. BellSoft goes further — combining OS and runtime expertise with enterprise support to keep containers secure, compliant, and sustainable. All from one trusted vendor.

Optimized Java Runtime

with Liberica JDK Lite

A minimized Java runtime reduces image size and memory use by up to 30%, boosting performance of Java workloads.

media
Liberica JDK Lite

Seamless Java Migration

TCK-Verified

If it runs on Oracle JDK or OpenJDK, it runs on Liberica JDK — no changes required.

TCK-verification

Flexible Compatibility

glibc & musl Variants

All images are available with both glibc and musl, ensuring compatibility with any Linux environment. Pick the variant that works best for you.

glibсmuslmusl-perf

Simplified Compliance

Audit-Ready by Default

Every image comes with a complete SBOM, ensuring full visibility into components and simplifying audits and compliance checks.

SBOM

Security Expertise

OpenJDK Vulnerability Group Member

Early insight into vulnerabilities and upstream fixes ensure secure, sustainable Java runtimes.

InsightsEarly AccessOpenJDK Contributor

Continuous Security Updates

Backed by Remediation SLA

Each CVE matters. With a 7-day remediation SLA for critical vulnerabilities and 14 days for all others, you get more than just patching — you get a team of experts ready to fix issues and keep workloads secure.

media

Industry Leading Support

Decades of JVM & Linux Experience

BellSoft engineers include long-time OpenJDK contributors and Linux specialists, bringing proven expertise to resolve production issues quickly and reliably.

Linux foundationJCP Executive CommitteeGraalVM Advisory Board

One Partner.
Full Accountability. Long-Term Value.

Choosing BellSoft means more than adopting hardened images — it’s about gaining a partner who takes responsibility for your entire container stack. We combine OS security, runtime expertise, and enterprise support to simplify management, reduce risk, and protect your business long-term.

icon
One Vendor, One SLA

No more chasing multiple providers — BellSoft owns security updates, bug fixes, and runtime stability.

icon
Reduced Risk

Continuous CVE remediation with timely patching reduces exposure and protects against costly incidents

icon
Lower Overhead

Free Your Team. We manage container security so your engineers can focus on innovation, not maintenance.

icon
Effortless Compliance

SBOMs and transparency make audits and regulatory checks straightforward.

icon
Secure Open Source

Enterprise-grade hardening with no vendor lock-in — giving you flexibility and long-term sustainability.

icon
Strategic Partnership

Decades of Java and Linux expertise make BellSoft a long-term partner for your container strategy.

Flexible Plans for Every Team

Whether you’re experimenting with open source or running critical enterprise workloads, BellSoft Hardened Images offer a plan that fits your needs. Start free with community images, then scale to commercial support with SLA-backed remediation, migration assistance, and 24/7 expert support.

Community

Free
  • Hardened Liberica Runtime Containers (JDK 21, 25, and the latest non-LTS release)
  • Complete SBOM
  • All architecture support (AMD64, ARM64)
  • Community documentation
  • GitHub community support

Standard

Individual price
  • Full catalog of hardened images (JDK, Python, Go, C/C++, GraalVM)
  • 7-day CVE remediation SLA for critical vulnerabilities
  • 14-day CVE remediation SLA for high/medium/low vulnerabilities
  • Business hours support for security issues
  • Custom image development and maintenance
  • Migration assistance

Premium

Individual price
  • Everything in Standard
  • Full technical support for OS and runtime production issues
  • Performance optimization consulting
  • Dedicated support engineer

Frequently asked questions

01. Can I install additional packages in hardened images?

Hardened images come without a package manager and with an immutable component set. For production customization, we build custom images tailored to your specific requirements — contact our team to get started.

02. What's included in commercial support?

Enterprise SLA includes 7-day CVE patching, 24/7 support access, production issue escalation, performance optimization guidance, and migration assistance.

03. Are the images compatible with my existing CI/CD pipeline?

Yes, BellSoft Hardened Images are drop-in replacements for standard images. Simply change your base image reference in your Dockerfile.

04. How often are images updated?

We continuously monitor and scan images for newly detected vulnerabilities, applying patches and rebuilding images as needed. Critical/High CVEs are addresses within 7 days with SLA-guaranteed remediation.

05. How do BellSoft Hardened Images compare to Chainguard’s/Docker’s ones?

While other providers focus primarily on OS-level security, BellSoft provides comprehensive coverage including Java runtime security, plus commercial support from in-house OpenJDK and Linux experts.

Secure Your Containers

Consult an expert to see which solution is best for your business