cleanstart/jdk

CleanStart Container for JDK

Enterprise-ready Java Development Kit (JDK) container image providing a complete development and runtime environment for Java applications. Built on OpenJDK, this image includes essential development tools, debugging capabilities, and security features required for enterprise Java development. Optimized for cloud-native applications with minimal footprint and enhanced security controls.

📌 CleanStart Foundation: Security-hardened, minimal base OS designed for enterprise containerized environments.

Key Features

• Complete Java development and runtime environment
• Optimized for cloud-native applications
• Built-in debugging and profiling tools
• Enhanced security features with vulnerability scanning

Common Use Cases

• Enterprise Java application development
• Microservices deployment
• Cloud-native Java applications
• CI/CD pipeline Java builds

Quick Start

Pull Latest Image Download the container image from the registry

bash
docker pull cleanstart/jdk:latest
docker pull cleanstart/jdk:latest-dev

Basic Run Run the container with basic configuration

bash
docker run -it --name jdk-test cleanstart/jdk:latest-dev

Production Deployment Deploy with production security settings

bash
docker run -d --name jdk-prod \
  --read-only \
  --security-opt=no-new-privileges \
  --user 1000:1000 \
  cleanstart/jdk:latest

Small Project to run for volume mount

bash
cat > jdk-test/HelloWorld.java << 'EOF'
public class HelloWorld {
    public static void main(String[] args) {
        System.out.println("Hello from JDK Container!");
        System.out.println("Java version: " + System.getProperty("java.version"));
        System.out.println("Java vendor: " + System.getProperty("java.vendor"));
    }
}
EOF

Volume Mount Mount local directory for persistent data

bash
docker run --rm -v $(pwd):/app -w /app cleanstart/jdk:latest $(which javac) jdk-test/HelloWorld.java

Configuration

Environment Variables

Security & Best Practices

Recommended Security Context

yaml
securityContext:
  runAsNonRoot: true
  runAsUser: 1000
  runAsGroup: 1000
  readOnlyRootFilesystem: true
  allowPrivilegeEscalation: false
  capabilities:
    drop: ['ALL']

Best Practices

• Use specific image tags for production (avoid latest)
• Configure resource limits: memory and CPU constraints
• Enable read-only root filesystem when possible
• Run containers with non-root user (--user 1000:1000)
• Use --security-opt=no-new-privileges flag
• Regularly update container images for security patches
• Implement proper network segmentation
• Monitor container metrics for anomalies

Architecture Support

Multi-Platform Images

bash
docker pull --platform linux/amd64 cleanstart/jdk:latest
docker pull --platform linux/arm64 cleanstart/jdk:latest

Resources & Documentation

• CleanStart Website: [***]
• OpenJDK Documentation: [***]
• CleanStart Community Images: https://hub.docker.com/u/cleanstart
• CleanStart All Images: [***]
• CleanStart Enterprise Images: [***]
• Get more from CleanStart images at CleanStart GitHub repo https://github.com/clnstrt/cleanstart-containers/tree/main/containers,
  • how-to-Run sample projects using dockerfile
  • how-to-Deploy via Kubernete YAML
  • how-to-Migrate from public images to CleanStart images

Vulnerability Disclaimer

CleanStart offers Docker images that include third-party open-source libraries and packages maintained by independent contributors. While CleanStart maintains these images and applies industry-standard security practices, it cannot guarantee the security or integrity of upstream components beyond its control.

Users acknowledge and agree that open-source software may contain undiscovered vulnerabilities or introduce new risks through updates. CleanStart shall not be liable for security issues originating from third-party libraries, including but not limited to zero-day exploits, supply chain ***s, or contributor-introduced risks.

Security remains a shared responsibility: CleanStart provides updated images and guidance where possible, while users are responsible for evaluating deployments and implementing appropriate controls.