Secure by Design, Built for Speed, Hardened Container Images on a minimal base CleanStart OS.
10K+
Java Runtime Environment (JRE) container providing a minimal runtime for executing Java applications. This image includes the core Java class libraries and necessary components to run compiled Java applications, optimized for containerized environments with minimal footprint.
📌 CleanStart Foundation: Security-hardened, minimal base OS designed for enterprise containerized environments.
# Pull commands
docker pull cleanstart/jre:latest
docker pull cleanstart/jre:latest-dev
Standard production deployment with recommended settings
docker run -d \
--name jre-app \
-p 8080:8080 \
-v /path/to/app.jar:/app/application.jar \
cleanstart/jre:latest \
-jar /app/application.jar
Access: http://localhost:8080 (if running a web application)
Development setup with debugging capabilities
docker run -it --privileged --entrypoint /bin/sh cleanstart/jre:latest-dev
docker run -d --name jre-dev -p 8080:8080 -p 5005:5005 -e JAVA_TOOL_OPTIONS='-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005' cleanstart/jre:latest-dev
version: '3.8'
services:
jre:
image: cleanstart/jre:latest
container_name: jre
restart: unless-stopped
ports:
- 8080:8080
volumes:
- ./application.jar:/app/application.jar:ro
security_opt:
- no-new-privileges:true
read_only: true
tmpfs:
- /tmp
| Variable | Default | Description |
|---|---|---|
| JAVA_OPTS | -Xmx512m -Xms256m | JVM configuration options |
| JAVA_TOOL_OPTIONS | Additional JVM startup options |
Common command line arguments
docker run cleanstart/jre:latest java -jar /app/application.jar --server.port=8080
securityContext:
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 1000
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
# Check status
docker ps --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}"
# View logs
docker logs jre
# Version info
docker exec jre java -version
docker pull --platform linux/amd64 cleanstart/jre:latest
docker pull --platform linux/arm64 cleanstart/jre:latest
Essential links and resources for further information
CleanStart Images: https://images.cleanstart.com/
Community Images:
Docker Hub: https://hub.docker.com/u/cleanstart
GitHub: https://github.com/cleanstart-containers
AWS ECR Public Gallery: https://gallery.ecr.aws/cleanstart/
Presence on Social Media:
Community: https://www.linkedin.com/groups/18324021/
YouTube: https://www.youtube.com/@CleanStartOfficial
Contribute to Container Use Cases: https://github.com/cleanstart-dev/cleanstart-use-cases/
CleanStart offers Docker images that include third-party open-source libraries and packages maintained by independent contributors. While CleanStart maintains these images and applies industry-standard security practices, it cannot guarantee the security or integrity of upstream components beyond its control.
Users acknowledge and agree that open-source software may contain undiscovered vulnerabilities or introduce new risks through updates. CleanStart shall not be liable for security issues originating from third-party libraries, including but not limited to zero-day exploits, supply chain attacks, or contributor-introduced risks.
Security remains a shared responsibility: CleanStart provides updated images and guidance where possible, while users are responsible for evaluating deployments and implementing appropriate controls.
Content type
Image
Digest
sha256:472767009…
Size
201.4 MB
Last updated
about 3 hours ago
docker pull cleanstart/jre:26.0.1_p8-amd64