About

What is ARMORRED?

ARMORRED is an open source project focused on supply chain security for container images. We provide hardened, minimal container images that are built with security as the primary concern.

Mission

The software supply chain has become a critical attack vector. From dependency confusion to malicious packages, organizations face increasing threats from compromised software components.

ARMORRED project addresses this by providing free, GPL-3.0 licensed container images that are production-ready from day one. No licensing fees, no vendor lock-in, no hidden costs.

  • Verifiable container images with complete provenance
  • Minimal attack surfaces through stripped-down base images
  • Cryptographic signatures for every artifact
  • Comprehensive Software Bill of Materials (SBOM)
  • 100% free and open source under GPL-3.0
  • Production-grade quality with enterprise reliability
  • Community-driven development and transparency

Principles

01

Minimal by Default

Every armorred image contains only what is strictly necessary to run the application. No shells, no package managers, no debugging tools unless explicitly required.

02

Reproducible Builds

Our build process is deterministic. Given the same inputs, anyone can reproduce the exact same container image, bit-for-bit.

03

Transparent Supply Chain

Every dependency is tracked, every build step is logged, and every artifact is signed. Full visibility into what goes into your containers.

04

Non-root Execution

All containers run as non-privileged users by default. Privilege escalation attacks are prevented at the container level.

Contributing

armorred is open source and welcomes contributions. Visit our GitHub repository to get involved.

License

armorred images are licensed under GPL-3.0.