Seal Base Images

Seal Base Images are sealed versions of the public container base images your team builds on top of: language runtime images, server images, database images, and the OS-distribution images they tend to be derived from. You pull a Seal base image instead of the public one, and your application is built on top of it. The vulnerabilities in the underlying packages are already remediated when you pull.

What it covers

Public base images that ship without licensing restrictions on redistribution. Anything you would normally pull from a public registry like Docker Hub falls into this category if the upstream allows redistribution: language runtimes, web servers, databases, and the OS images they sit on top of.

For containers where the vendor's licensing prevents Seal from distributing a sealed copy of the image, the equivalent role is filled by Seal Vendor Apps, which seals the open-source content of vendor containers in place rather than redistributing them.

How it is delivered

A Seal base image is published as a regular container image to a Seal-hosted registry. Your Dockerfile or build pipeline pulls from that registry. You can also mirror Seal base images into your internal registry.

Related

• Setting up Seal Base Images: day-1 setup.

• Working with Seal Base Images: the day-to-day workflow.