distroless image
also: minimal image, slim image
A container image that contains only an application and its runtime dependencies, with no package manager, shell, or other system utilities included.
A distroless image is a minimal container image built to reduce attack surface, image size, and startup time. Instead of starting from a full Linux distribution like Ubuntu or CentOS, distroless images include only the absolute essentials: your application, required libraries, and a minimal runtime environment.
These images are typically built using tools like Google's distroless base images or similar approaches that strip away the shell (/bin/bash), package managers (apt, yum), and utility binaries. For example, a Python distroless image contains Python and common system libraries, but no apt-get, curl, or interactive shell.
The benefits include smaller image sizes (often 50-80% smaller than traditional images), faster container startup, reduced vulnerability surface since fewer tools are available for exploitation, and simplified deployment. The tradeoff is reduced debuggability—you cannot shell into a running distroless container to troubleshoot interactively.