truebyteinnovation/redis

By truebyteinnovation

â€ĒUpdated 23 days ago

Hardened multi-arch Redis built from source on Alpine — non-root, TLS, 0 known CVEs.

Image
Message queues
Databases & storage
0

2.9K

truebyteinnovation/redis repository overview

⁠redis

Minimal, security-hardened Redis built from source on Alpine Linux. Multi-stage build, runs as a non-root user, multi-arch (amd64/arm64), and ships with zero known CVEs (scanned with Trivy on every release).

⁠Highlights

  • 🔒 Hardened — non-root (uid 100), compatible with a read-only root filesystem, all capabilities droppable.
  • 📌 Reproducible — Alpine base pinned by digest; Redis pinned by version and SHA-256 checksum (verified at build).
  • 🔑 TLS-ready — compiled with BUILD_TLS=yes.
  • ðŸŠķ Small — multi-stage build, stripped binaries, runtime deps only.
  • ðŸĐš Healthcheck built in (redis-cli ping).
  • ðŸ§ą Multi-arch — linux/amd64, linux/arm64.

⁠Tags

  • latest — newest build.
  • 7.4.2-alpine3.21 — Redis 7.4.2 on Alpine 3.21.

⁠Quick start

docker run -d --name redis -p 6379:6379 truebyteinnovation/redis:latest
docker run -d --name redis -p 6379:6379 \
  --read-only -v redis-data:/data \
  truebyteinnovation/redis:latest
⁠With a password
docker run -d --name redis -p 6379:6379 -v redis-data:/data \
  truebyteinnovation/redis:latest --requirepass "your-strong-password"

⁠Configuration

ItemValue
Data dir/data (declared as a VOLUME)
Port6379
Userredis (non-root, uid 100)
Entrypointredis-server

Pass any redis-server flags or a config file path as arguments after the image name. protected-mode is on by default — set a password, TLS, or ACLs before exposing Redis beyond a trusted network.

⁠Security

  • Built from official Redis source over HTTPS with SHA-256 checksum verification.
  • Base image pinned by digest for reproducible builds.
  • The unused BusyBox wget applet is removed to reduce attack surface.
  • Scanned with Trivy⁠; releases fail on HIGH/CRITICAL.
  • Signed with Cosign + SBOM/provenance attestations. Verify:
    cosign verify --key https://raw.githubusercontent.com/truebyteinnovation/docker-images/main/assets/cosign.pub \
      docker.io/truebyteinnovation/redis:7.4.2-alpine3.21
    

⁠Kubernetes

A production Helm chart (standalone / Sentinel HA / Cluster) is available at oci://registry-1.docker.io/truebyteinnovation/redis-chart.

⁠License

Redis is distributed under the BSD-3-Clause license.

Tag summary

Content type

Image

Digest

sha256:afb35b894â€Ķ

Size

6.3 MB

Last updated

23 days ago

docker pull truebyteinnovation/redis