kenzman/ns-wolfi-python

By kenzman

Updated 23 days ago

Near Zero CVE base image.

Image
Security
Languages & frameworks
Operating systems
1

4.2K

kenzman/ns-wolfi-python repository overview

Secure Wolfi-Python Base Image

Build Status Signed with Cosign Image Size

Overview

This is a hardened, multi-architecture Java runtime built on Wolfi, the community-driven Linux undistro designed for security. Curated by NetShield, it provides a minimal attack surface for enterprise SecOps.

Key Features
  • Zero-Vulnerability Focus: Built using apko on Wolfi to minimize CVEs.
  • Multi-Arch: Native support for linux/amd64 and linux/arm64 (Apple Silicon compatible).
  • Supply Chain Security: Every image is keylessly signed with Cosign.

Security Verification

To verify the integrity and origin of this image, ensure you have Cosign installed and run the following command. This check confirms the image was built by our official GitHub automation.

cosign verify \
  --certificate-identity-regexp "https://github.com/Ekene95/secops-base-images/.*" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  kenzman/ns-wolfi-python:3.13.12

Usage

Pull the latest hardened version:

docker pull kenzman/ns-wolfi-python:latest

Use as a base in your Dockerfile:

FROM kenzman/ns-wolfi-python:3.13.12
COPY my_app.py /app/my_app.py
CMD ["python", "/app/my_app.py"]

Tag summary

Content type

Image

Digest

sha256:4d5942e81

Size

30.1 MB

Last updated

23 days ago

docker pull kenzman/ns-wolfi-python:3.13