cleanstart/jre

Verified Publisher

By CleanStart

Updated about 3 hours ago

Secure by Design, Built for Speed, Hardened Container Images on a minimal base CleanStart OS.

Image
Languages & frameworks
0

10K+

cleanstart/jre repository overview

Overview

Java Runtime Environment (JRE) container providing a minimal runtime for executing Java applications. This image includes the core Java class libraries and necessary components to run compiled Java applications, optimized for containerized environments with minimal footprint.

📌 CleanStart Foundation: Security-hardened, minimal base OS designed for enterprise containerized environments.

Key Features
  • Java Runtime Environment for executing Java applications
  • Optimized class libraries and JVM configuration
  • Memory-efficient container settings
  • Native SSL/TLS support with JSSE
  • Security hardened: Non-root, minimal attack surface
  • FIPS compliance: Available with -fips tag
Common Use Cases
  • Running Java microservices in containers
  • Deploying Spring Boot applications
  • Executing Java-based batch processing jobs
  • Running Java web applications
# Pull commands
docker pull cleanstart/jre:latest
docker pull cleanstart/jre:latest-dev

Quick Start

Basic Production Deployment

Standard production deployment with recommended settings

  docker run -d \
  --name jre-app \
  -p 8080:8080 \
  -v /path/to/app.jar:/app/application.jar \
  cleanstart/jre:latest \
  -jar /app/application.jar

Access: http://localhost:8080 (if running a web application)

Development/Testing

Development setup with debugging capabilities

docker run -it --privileged --entrypoint /bin/sh cleanstart/jre:latest-dev
docker run -d --name jre-dev -p 8080:8080 -p 5005:5005 -e JAVA_TOOL_OPTIONS='-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005' cleanstart/jre:latest-dev

Docker Compose

version: '3.8'
services:
  jre:
    image: cleanstart/jre:latest
    container_name: jre
    restart: unless-stopped
    ports:
      - 8080:8080
    volumes:
      - ./application.jar:/app/application.jar:ro
    security_opt:
      - no-new-privileges:true
    read_only: true
    tmpfs:
      - /tmp

Configuration

Environment Variables
VariableDefaultDescription
JAVA_OPTS-Xmx512m -Xms256mJVM configuration options
JAVA_TOOL_OPTIONSAdditional JVM startup options
Command Arguments

Common command line arguments

docker run cleanstart/jre:latest java -jar /app/application.jar --server.port=8080
Common Flags
  • -jar: Specify the JAR file to execute
  • -Xmx: Maximum heap size
  • -Xms: Initial heap size

Security & Best Practices

securityContext:
  runAsNonRoot: true
  runAsUser: 1000
  runAsGroup: 1000
  readOnlyRootFilesystem: true
  allowPrivilegeEscalation: false
  capabilities:
    drop: ["ALL"]
Best Practices
  • Use specific image tags for production (avoid latest)
  • Configure resource limits: memory: 1Gi, cpu: 500m
  • Enable read-only root filesystem
  • Regularly update container images
  • Configure JVM security manager when needed
  • Monitor container metrics for anomalies
Container Management
# Check status
docker ps --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}"
# View logs
docker logs jre
# Version info
docker exec jre java -version

Architecture Support

Multi-Platform Images
docker pull --platform linux/amd64 cleanstart/jre:latest
docker pull --platform linux/arm64 cleanstart/jre:latest

Documentation Resources

Essential links and resources for further information

CleanStart Images: https://images.cleanstart.com/

Community Images:
Docker Hub: https://hub.docker.com/u/cleanstart
GitHub: https://github.com/cleanstart-containers
AWS ECR Public Gallery: https://gallery.ecr.aws/cleanstart/

Presence on Social Media:
Community: https://www.linkedin.com/groups/18324021/
YouTube: https://www.youtube.com/@CleanStartOfficial

Contribute to Container Use Cases: https://github.com/cleanstart-dev/cleanstart-use-cases/

Vulnerability Disclaimer

CleanStart offers Docker images that include third-party open-source libraries and packages maintained by independent contributors. While CleanStart maintains these images and applies industry-standard security practices, it cannot guarantee the security or integrity of upstream components beyond its control.

Users acknowledge and agree that open-source software may contain undiscovered vulnerabilities or introduce new risks through updates. CleanStart shall not be liable for security issues originating from third-party libraries, including but not limited to zero-day exploits, supply chain attacks, or contributor-introduced risks.

Security remains a shared responsibility: CleanStart provides updated images and guidance where possible, while users are responsible for evaluating deployments and implementing appropriate controls.

Tag summary

Content type

Image

Digest

sha256:472767009

Size

201.4 MB

Last updated

about 3 hours ago

docker pull cleanstart/jre:26.0.1_p8-amd64