BellSoft Hardened Images: A New Security Layer for Java Containers

Ethan Cole
Ethan Cole I’m Ethan Cole, a digital journalist based in New York. I write about how technology shapes culture and everyday life — from AI and machine learning to cloud services, cybersecurity, hardware, mobile apps, software, and Web3. I’ve been working in tech media for over 7 years, covering everything from big industry news to indie app launches. I enjoy making complex topics easy to understand and showing how new tools actually matter in the real world. Outside of work, I’m a big fan of gaming, coffee, and sci-fi books. You’ll often find me testing a new mobile app, playing the latest indie game, or exploring AI tools for creativity.
4 min read 63 views
BellSoft Hardened Images: A New Security Layer for Java Containers

BellSoft Hardened Images introduce a revised approach to securing Java containers. The company announced the solution at KubeCon 2025, and it arrives as organisations face rising pressure to reduce supply chain risks. As a result, BellSoft aims to simplify container hardening while improving runtime efficiency.

The release targets a persistent issue. Many containers still ship with large dependency stacks and hundreds of known vulnerabilities. Moreover, Java workloads often accumulate risks faster than services written in Go or other languages. Because of this, BellSoft created Hardened Images to reduce exposure earlier in the development cycle.

Why BellSoft Hardened Images Matter for Developers

Container security issues usually begin with oversized base images. Therefore, BellSoft built its solution on Alpaquita Linux, a lightweight distribution that balances minimalism with compatibility. In contrast to Alpine, which often creates friction for Java teams, Alpaquita avoids common musl-related challenges.

The company also removes all non-essential tools from its hardened containers. As a result, package managers and other modifiable elements are gone. This immutability helps prevent tampering and stops attackers from altering the runtime environment. In addition, each image includes a detailed SBOM, which simplifies audits and compliance checks.

How BellSoft Hardened Images Support Shift-Left Security

Security teams increasingly want risks addressed earlier. Consequently, BellSoft integrates hardening directly into the runtime layer. The images ship with Liberica JDK Lite, which reduces RAM and disk use. Moreover, BellSoft handles patch development internally. This allows faster CVE remediation compared to community-maintained images.

These combined choices give organisations predictable performance and stronger security. In addition, they reduce the need for external scanners and manual fixes, which often slow down release cycles.

BellSoft’s Hardened Java Approach in a Competitive Market

The hardened-image market is expanding quickly. Supply chain incidents have pushed companies to rethink their foundations. Meanwhile, BellSoft joins established players such as Chainguard, Docker and Google.

Chainguard focuses heavily on supply chain integrity with its Wolfi-based images. Google pioneered the “Distroless” concept, removing shells and package managers entirely. However, Distroless images often frustrate developers because they are hard to debug. BellSoft attempts to strike a middle ground. The company delivers strong hardening yet maintains usability, especially for Java-heavy workloads.

Furthermore, BellSoft’s position as a major OpenJDK contributor gives it a technical advantage. It can optimise the runtime and the OS together, creating a more aligned experience for Java teams.

A Practical Option for Securing Java at Scale

BellSoft Hardened Images arrive at a time when Java remains at the core of many enterprise systems. Therefore, organisations need predictable and secure container environments. These images create a consistent base that improves reliability and reduces operational overhead.

In addition, the SBOM support and hardened structure help organisations prepare for upcoming regulatory frameworks. This includes NIS2, the EU AI Act and other global standards that demand transparency across software supply chains.

Availability and Tier Options

BellSoft offers three tiers:

  • Community Tier – Free Hardened Liberica Runtime Containers on Docker Hub.
  • Standard Tier – Added language support for Python, Go and GraalVM.
  • Premium Tier – SLAs for critical CVE fixes and extended technical support.

All tiers are available now, giving teams flexibility based on their scale and security needs.

BellSoft Hardened Images Strengthen Java Security Readiness

With BellSoft Hardened Images, the company delivers a layered and efficient approach to container hardening. The blend of OS optimisation, rapid CVE remediation and minimal resource use helps Java teams build safer applications without changing their workflows. Consequently, the solution may become an important building block for organisations preparing for tighter supply chain security requirements.

Read also

Join the discussion in our Facebook community.

Share this article: