cleanstart/python

Verified Publisher

By CleanStart

•Updated about 3 hours ago

Deploy, scale, and secure critical infrastructure with Cleanstart's hardened container images.

Image
Languages & frameworks
1

10K+

cleanstart/python repository overview

CleanStart Container for Python

Official Python programming language runtime container, optimized and security-hardened for enterprise deployments. Includes the complete Python interpreter and standard library, pip package manager, and essential build tools. Features multi-stage builds to minimize image size, integrated security scanning, and enterprise-ready configurations. Supports both production deployments and development workflows with separate tagged versions.

šŸ“Œ CleanStart Foundation: Security-hardened, minimal base OS designed for enterprise containerized environments.

Key Features

  • Complete Python runtime environment with standard library
  • Integrated pip package manager and build tools
  • Multi-stage builds for optimized image size
  • Enterprise security features and compliance scanning

Common Use Cases

  • Web application development and deployment
  • Data science and machine learning workflows
  • API development and microservices
  • Automation and scripting in enterprise environments

Quick Start

Pull Commands Download the runtime container images

docker pull cleanstart/python:latest
docker pull cleanstart/python:latest-dev

Interactive Development Start interactive session for development

docker run -it --name python-dev \
  -v $(pwd):/workspace \
  -w /workspace \
  cleanstart/python:latest-dev /bin/sh

Run Hello World Execute a simple Hello World program

docker run --rm cleanstart/python:latest-dev -c 'print("Hello, World!")'

Mount Workspace Run container with local workspace mounted

 docker run --rm -v $(pwd):/app -w /app --user $(id -u):$(id -g) cleanstart/python:latest-dev -c 'import os; print(os.listdir("."))'

Application Server Run application with port forwarding

docker run -d --name python-app \
  -p 8000:8000 \
  -v $(pwd):/app \
  -w /app \
  cleanstart/python:latest

Configuration

Environment Variables

VariableDefaultDescription
PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/binSystem PATH configuration
PYTHONPATH/usr/local/lib/python3.9/site-packagesPython packages search path

Security & Best Practices

Recommended Security Context

securityContext:
  runAsNonRoot: true
  runAsUser: 1000
  runAsGroup: 1000
  readOnlyRootFilesystem: true
  allowPrivilegeEscalation: false
  capabilities:
    drop: ['ALL']

Best Practices

  • Use specific image tags for production (avoid latest)
  • Configure resource limits: memory and CPU constraints
  • Enable read-only root filesystem when possible
  • Run containers with non-root user (--user 1000:1000)
  • Use --security-opt=no-new-privileges flag
  • Regularly update container images for security patches
  • Implement proper network segmentation
  • Monitor container metrics for anomalies

Architecture Support

Multi-Platform Images

docker pull --platform linux/amd64 cleanstart/python:latest
docker pull --platform linux/arm64 cleanstart/python:latest

⁠Documentation Resources

Essential links and resources for further information

CleanStart Images: https://images.cleanstart.com/⁠

Community Images:
Docker Hub: https://hub.docker.com/u/cleanstart⁠
GitHub: https://github.com/cleanstart-containers⁠
AWS ECR Public Gallery: https://gallery.ecr.aws/cleanstart/⁠

Presence on Social Media:
Community: https://www.linkedin.com/groups/18324021/⁠
YouTube: https://www.youtube.com/@CleanStartOfficial⁠

Contribute to Container Use Cases: https://github.com/cleanstart-dev/cleanstart-use-cases/⁠

⁠Vulnerability Disclaimer

CleanStart offers Docker images that include third-party open-source libraries and packages maintained by independent contributors. While CleanStart maintains these images and applies industry-standard security practices, it cannot guarantee the security or integrity of upstream components beyond its control.

Users acknowledge and agree that open-source software may contain undiscovered vulnerabilities or introduce new risks through updates. CleanStart shall not be liable for security issues originating from third-party libraries, including but not limited to zero-day exploits, supply chain attacks, or contributor-introduced risks.

Security remains a shared responsibility: CleanStart provides updated images and guidance where possible, while users are responsible for evaluating deployments and implementing appropriate controls.

Tag summary

Content type

Image

Digest

sha256:afce3b559…

Size

35.5 MB

Last updated

about 3 hours ago

docker pull cleanstart/python:3.14.6-amd64