Distroless Container Security

Distroless containers strip away package managers, shells, and OS utilities to minimize attack surface. But they still contain glibc/musl, OpenSSL, zlib, and compiler runtime libraries that carry CVEs. Without shell access, traditional vulnerability scanners cannot inspect these images — making binary analysis essential.

Verified by Precogs Threat Research
distrolesscontainersbinary-analysisfalse-negativesUpdated: 2026-03-26

The Distroless False Sense of Security

Distroless images (gcr.io/distroless) remove shells, package managers, and debugging tools. This hardens the container against interactive exploitation but does NOT eliminate vulnerabilities. The application binary, its statically linked dependencies, and base libraries (glibc, libssl, zlib) still carry CVEs. Without a package database (dpkg, rpm), traditional scanners report zero vulnerabilities — a dangerous false negative.

Hidden Dependencies in Distroless

Distroless images based on Debian still include glibc, libssl, ca-certificates, and tzdata. Go and Rust applications statically link their entire dependency tree into a single binary. Java applications bundle the entire JRE. These embedded components carry vulnerabilities that are invisible to manifest-based scanners but fully exploitable at runtime.

How Precogs AI Scans Distroless Images

Precogs AI performs binary-level analysis that doesn't depend on package databases. We disassemble executables, identify embedded library versions through function signatures, detect memory corruption patterns, and match compiled code against known CVEs — the only reliable approach for distroless and scratch-based containers.

Attack Scenario: The Invisible CVE in Production

1

A security team mandates distroless containers for all production workloads to 'eliminate OS-level vulnerabilities'.

2

The CI/CD pipeline runs Trivy on every image and enforces a zero-vulnerability policy.

3

All distroless images pass with '0 vulnerabilities' because Trivy has no package database to query.

4

A Go microservice statically links a CGO-enabled SQLite library containing CVE-2022-35737 (a critical buffer overflow).

5

An attacker exploits the SQLite vulnerability through crafted database queries, achieving remote code execution inside the distroless container.

Real-World Code Examples

False Negative from Manifest-Based Scanner

Distroless and scratch-based containers lack the package databases (dpkg status, rpm db) that traditional scanners rely on. When Trivy or Grype scan a distroless image, they report zero vulnerabilities — but the binary may contain statically linked OpenSSL, zlib, or glibc with known CVEs. Only binary-level analysis detects these.

VULNERABLE PATTERN
# VULNERABLE: Distroless image gives false confidence
FROM golang:1.21 AS builder
RUN CGO_ENABLED=1 go build -o /app ./...

# Distroless has no package manager → scanners report 0 vulnerabilities
FROM gcr.io/distroless/base-debian12
COPY --from=builder /app /app
# The Go binary statically links an old OpenSSL via CGO
# Trivy/Grype report: "0 vulnerabilities found" ← FALSE NEGATIVE
CMD ["/app"]
SECURE FIX
# SAFE: Binary-level scanning + minimal base
FROM golang:1.22 AS builder
# Disable CGO to avoid linking system C libraries
RUN CGO_ENABLED=0 go build -ldflags="-s -w" -o /app ./...

# Use scratch for truly minimal image
FROM scratch
COPY --from=builder /app /app
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
# Scan the final binary with Precogs AI binary analysis
CMD ["/app"]

Detection & Prevention Checklist

  • Never rely solely on manifest-based scanners (Trivy, Grype) for distroless or scratch images — they produce false negatives
  • Use binary analysis tools (Precogs AI, binary SCA) that identify library versions from compiled code signatures
  • Prefer CGO_ENABLED=0 for Go builds to avoid linking system C libraries into the binary
  • Track the base distroless image version and monitor its upstream Debian packages for security updates
  • Generate SBOMs from the build process (syft, ko) rather than from the final image to capture all dependencies
🛡️

How Precogs AI Protects You

Precogs AI bypasses the distroless scanning gap by analyzing compiled binaries directly — detecting CVEs in embedded glibc, OpenSSL, and statically linked dependencies that manifest-based scanners completely miss.

Start Free Scan

Related Weakness Types

CWE-1104CWE-327CWE-120CWE-676

Are distroless containers secure?

Distroless containers reduce attack surface by removing shells and package managers but still contain vulnerable base libraries (glibc, OpenSSL, zlib). Traditional scanners report false negatives because there's no package database. Precogs AI binary analysis detects these hidden vulnerabilities.

Scan for Distroless Container Security Issues

Precogs AI automatically detects distroless container security vulnerabilities and generates AutoFix PRs.

Start Free Scan