Score yourself honestly

Take the Test: How Secure Is Your Container?

1. Does your container run as a non-root user with privilege escalation blocked at runtime?
2. Have you dropped all Linux capabilities your application doesn't explicitly need?
3. Does your production image use a JRE rather than a full JDK?
4. Is your base OS under 10 MB with no package manager in the runtime layer?
5. Have you scanned your images for CVEs in the last 30 days?
6. Do you go beyond CVSS scores, checking whether vulnerable code is actually reachable in your workload?
7. Do you have a Software Bill of Materials (SBOM) for your container image?
8. Is your base image from a vendor committed to patching CVEs on a defined SLA?
9. Are your base images pinned by digest rather than tag?
10. Can you verify your base image came from the expected publisher with signed attestation?

8-10 Yes

Good security posture.

Use hardened images to maintain it without overhead.

5-7 Yes

At risk, gaps exist.

You have exploitable gaps that attackers actively look for.

4 or fewer Yes

Exposed.

Your containers are a significant production risk. Action required.

Secure your container at the base image level

BellSoft Hardened Images help close the gaps exposed by this checklist.

Near-zero CVE container images, minimized attack surface, no package managers, SBOM, image signing, and SLA-backed CVE remediation.