Etcd 3

hardened latest

Full version: 3.5.26 Analyzed: 2026-02-11

Size Reduction -134% 66.2 MB to 155.1 MB (-88.9 MB saved)

Component Reduction -18% 182 to 215 packages (-33 removed)

Vulnerability Reduction 88% 8 to 1 vulnerabilities (7 eliminated)

Image Comparison

Property	upstream	hardened
Image	gcr.io/etcd-development/etcd:v3.5.26	ghcr.io/armorred/etcd:3.5.26-hardened
Size	66.2 MB	155.1 MB
Layers	16	38
Components	182	215
Vulnerabilities	8	1
Runtime User	0	999

Vulnerability Analysis

upstream 8 total

hardened 1 total

Upstream vulnerability details (8)

CVE ID	Severity	Package	Version	Fixed In
GO-2026-4337	unknown	stdlib	1.24.11	1.24.13
GO-2026-4340	unknown	stdlib	1.24.11	1.24.12
GO-2026-4341	unknown	stdlib	1.24.11	1.24.12
GO-2026-4342	unknown	stdlib	1.24.11	1.24.12
DLA-3972-1	unknown	tzdata	2024a-0+deb11u1	2024b-0+deb11u1
DLA-4085-1	unknown	tzdata	2024a-0+deb11u1	2025a-0+deb11u1
DLA-4105-1	unknown	tzdata	2024a-0+deb11u1	2025b-0+deb11u1
DLA-4403-1	unknown	tzdata	2024a-0+deb11u1	2025b-0+deb11u2

Hardened vulnerability details (1)

CVE ID	Severity	Package	Version	Fixed In
GO-2026-4337	unknown	stdlib	1.24.12	1.24.13

Software Bill of Materials

upstream components (182)

base-files 11.1+deb11u10
github.com/beorn7/perks v1.0.1
github.com/beorn7/perks v1.0.1
github.com/beorn7/perks v1.0.1
github.com/bgentry/speakeasy v0.1.0
github.com/cenkalti/backoff/v4 v4.2.1
github.com/cespare/xxhash/v2 v2.3.0
github.com/cespare/xxhash/v2 v2.3.0
github.com/cespare/xxhash/v2 v2.3.0
github.com/coreos/go-semver v0.3.0
github.com/coreos/go-semver v0.3.0
github.com/coreos/go-semver v0.3.0
github.com/coreos/go-systemd/v22 v22.3.2
github.com/coreos/go-systemd/v22 v22.3.2
github.com/coreos/go-systemd/v22 v22.3.2
github.com/cpuguy83/go-md2man/v2 v2.0.0
github.com/dustin/go-humanize v1.0.0
github.com/dustin/go-humanize v1.0.0
github.com/dustin/go-humanize v1.0.0
github.com/go-logr/logr v1.4.2
github.com/go-logr/logr v1.4.2
github.com/go-logr/logr v1.4.2
github.com/go-logr/stdr v1.2.2
github.com/go-logr/stdr v1.2.2
github.com/go-logr/stdr v1.2.2
github.com/gogo/protobuf v1.3.2
github.com/gogo/protobuf v1.3.2
github.com/gogo/protobuf v1.3.2
github.com/golang-jwt/jwt/v4 v4.5.2
github.com/golang-jwt/jwt/v4 v4.5.2
github.com/golang-jwt/jwt/v4 v4.5.2
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da
github.com/golang/protobuf v1.5.4
github.com/golang/protobuf v1.5.4
github.com/golang/protobuf v1.5.4
github.com/google/btree v1.0.1
github.com/google/btree v1.0.1
github.com/google/btree v1.0.1
github.com/google/uuid v1.6.0
github.com/gorilla/websocket v1.4.2
github.com/grpc-ecosystem/go-grpc-middleware v1.3.0
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0
github.com/grpc-ecosystem/grpc-gateway v1.16.0
github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0
github.com/jonboulle/clockwork v0.2.2
github.com/jonboulle/clockwork v0.2.2
github.com/jonboulle/clockwork v0.2.2
github.com/json-iterator/go v1.1.11
github.com/json-iterator/go v1.1.11
github.com/json-iterator/go v1.1.11
github.com/mattn/go-runewidth v0.0.9
github.com/mattn/go-runewidth v0.0.9
github.com/matttproud/golang_protobuf_extensions v1.0.1
github.com/matttproud/golang_protobuf_extensions v1.0.1
github.com/matttproud/golang_protobuf_extensions v1.0.1
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd
github.com/modern-go/reflect2 v1.0.1
github.com/modern-go/reflect2 v1.0.1
github.com/modern-go/reflect2 v1.0.1
github.com/olekukonko/tablewriter v0.0.5
github.com/olekukonko/tablewriter v0.0.5
github.com/prometheus/client_golang v1.11.1
github.com/prometheus/client_golang v1.11.1
github.com/prometheus/client_golang v1.11.1
github.com/prometheus/client_model v0.2.0
github.com/prometheus/client_model v0.2.0
github.com/prometheus/client_model v0.2.0
github.com/prometheus/common v0.26.0
github.com/prometheus/common v0.26.0
github.com/prometheus/common v0.26.0
github.com/prometheus/procfs v0.6.0
github.com/prometheus/procfs v0.6.0
github.com/prometheus/procfs v0.6.0
github.com/russross/blackfriday/v2 v2.0.1
github.com/shurcooL/sanitized_anchor_name v1.0.0
github.com/sirupsen/logrus v1.9.3
github.com/soheilhy/cmux v0.1.5
github.com/spf13/cobra v1.1.3
github.com/spf13/cobra v1.1.3
github.com/spf13/cobra v1.1.3
github.com/spf13/pflag v1.0.5
github.com/spf13/pflag v1.0.5
github.com/spf13/pflag v1.0.5
github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802
github.com/urfave/cli v1.22.4
github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2
github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2
github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2
go.etcd.io/bbolt v1.3.12
go.etcd.io/bbolt v1.3.12
go.etcd.io/bbolt v1.3.12
go.etcd.io/etcd/api/v3 UNKNOWN
go.etcd.io/etcd/api/v3 UNKNOWN
go.etcd.io/etcd/api/v3 UNKNOWN
go.etcd.io/etcd/client/pkg/v3 UNKNOWN
go.etcd.io/etcd/client/pkg/v3 UNKNOWN
go.etcd.io/etcd/client/pkg/v3 UNKNOWN
go.etcd.io/etcd/client/v2 UNKNOWN
go.etcd.io/etcd/client/v2 UNKNOWN
go.etcd.io/etcd/client/v2 UNKNOWN
go.etcd.io/etcd/client/v3 UNKNOWN
go.etcd.io/etcd/client/v3 UNKNOWN
go.etcd.io/etcd/client/v3 UNKNOWN
go.etcd.io/etcd/etcdctl/v3 v0.0.0-20251217192713-65251b30e00b
go.etcd.io/etcd/etcdutl/v3 UNKNOWN
go.etcd.io/etcd/etcdutl/v3 v0.0.0-20251217192713-65251b30e00b
go.etcd.io/etcd/pkg/v3 UNKNOWN
go.etcd.io/etcd/pkg/v3 UNKNOWN
go.etcd.io/etcd/pkg/v3 UNKNOWN
go.etcd.io/etcd/raft/v3 UNKNOWN
go.etcd.io/etcd/raft/v3 UNKNOWN
go.etcd.io/etcd/raft/v3 UNKNOWN
go.etcd.io/etcd/server/v3 UNKNOWN
go.etcd.io/etcd/server/v3 UNKNOWN
go.etcd.io/etcd/server/v3 v0.0.0-20251217192713-65251b30e00b
go.opentelemetry.io/auto/sdk v1.1.0
go.opentelemetry.io/auto/sdk v1.1.0
go.opentelemetry.io/auto/sdk v1.1.0
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.0
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.0
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.0
go.opentelemetry.io/otel v1.34.0
go.opentelemetry.io/otel v1.34.0
go.opentelemetry.io/otel v1.34.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.20.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.20.0
go.opentelemetry.io/otel/metric v1.34.0
go.opentelemetry.io/otel/metric v1.34.0
go.opentelemetry.io/otel/metric v1.34.0
go.opentelemetry.io/otel/sdk v1.34.0
go.opentelemetry.io/otel/trace v1.34.0
go.opentelemetry.io/otel/trace v1.34.0
go.opentelemetry.io/otel/trace v1.34.0
go.opentelemetry.io/proto/otlp v1.0.0
go.uber.org/atomic v1.7.0
go.uber.org/atomic v1.7.0
go.uber.org/atomic v1.7.0
go.uber.org/multierr v1.6.0
go.uber.org/multierr v1.6.0
go.uber.org/multierr v1.6.0
go.uber.org/zap v1.17.0
go.uber.org/zap v1.17.0
go.uber.org/zap v1.17.0
golang.org/x/crypto v0.45.0
golang.org/x/crypto v0.45.0
golang.org/x/crypto v0.45.0
golang.org/x/net v0.47.0
golang.org/x/net v0.47.0
golang.org/x/net v0.47.0
golang.org/x/sys v0.38.0
golang.org/x/sys v0.38.0
golang.org/x/sys v0.38.0
golang.org/x/text v0.31.0
golang.org/x/text v0.31.0
golang.org/x/text v0.31.0
golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba
golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba
golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba
google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d
google.golang.org/genproto/googleapis/api v0.0.0-20250106144421-5f5ef82da422
google.golang.org/genproto/googleapis/api v0.0.0-20250106144421-5f5ef82da422
google.golang.org/genproto/googleapis/api v0.0.0-20250106144421-5f5ef82da422
google.golang.org/genproto/googleapis/rpc v0.0.0-20250115164207-1a7da9e5054f
google.golang.org/genproto/googleapis/rpc v0.0.0-20250115164207-1a7da9e5054f
google.golang.org/genproto/googleapis/rpc v0.0.0-20250115164207-1a7da9e5054f
google.golang.org/grpc v1.71.1
google.golang.org/grpc v1.71.1
google.golang.org/grpc v1.71.1
google.golang.org/protobuf v1.36.4
google.golang.org/protobuf v1.36.4
google.golang.org/protobuf v1.36.4
gopkg.in/cheggaaa/pb.v1 v1.0.28
gopkg.in/natefinch/lumberjack.v2 v2.0.0
gopkg.in/yaml.v2 v2.4.0
netbase 6.3
sigs.k8s.io/yaml v1.2.0
stdlib go1.24.11
stdlib go1.24.11
stdlib go1.24.11
tzdata 2024a-0+deb11u1

hardened components (215)

acl 2.3.2
attr 2.5.2
bash 5.3p3
bash-interactive 5.3p3
brotli 1.2.0
coreutils 9.8
curl 8.17.0
curl 8.17.0
etcd 3.5.26
etcdctl 3.5.26
etcdserver 3.5.26
etcdutl 3.5.26
gcc 15.2.0
gcc 15.2.0
github.com/beorn7/perks v1.0.1
github.com/beorn7/perks v1.0.1
github.com/beorn7/perks v1.0.1
github.com/bgentry/speakeasy v0.1.0
github.com/cenkalti/backoff/v4 v4.2.1
github.com/cespare/xxhash/v2 v2.3.0
github.com/cespare/xxhash/v2 v2.3.0
github.com/cespare/xxhash/v2 v2.3.0
github.com/coreos/go-semver v0.3.0
github.com/coreos/go-semver v0.3.0
github.com/coreos/go-semver v0.3.0
github.com/coreos/go-systemd/v22 v22.3.2
github.com/coreos/go-systemd/v22 v22.3.2
github.com/coreos/go-systemd/v22 v22.3.2
github.com/cpuguy83/go-md2man/v2 v2.0.0
github.com/dustin/go-humanize v1.0.0
github.com/dustin/go-humanize v1.0.0
github.com/dustin/go-humanize v1.0.0
github.com/go-logr/logr v1.4.2
github.com/go-logr/logr v1.4.2
github.com/go-logr/logr v1.4.2
github.com/go-logr/stdr v1.2.2
github.com/go-logr/stdr v1.2.2
github.com/go-logr/stdr v1.2.2
github.com/gogo/protobuf v1.3.2
github.com/gogo/protobuf v1.3.2
github.com/gogo/protobuf v1.3.2
github.com/golang-jwt/jwt/v4 v4.5.2
github.com/golang-jwt/jwt/v4 v4.5.2
github.com/golang-jwt/jwt/v4 v4.5.2
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da
github.com/golang/protobuf v1.5.4
github.com/golang/protobuf v1.5.4
github.com/golang/protobuf v1.5.4
github.com/google/btree v1.0.1
github.com/google/btree v1.0.1
github.com/google/btree v1.0.1
github.com/google/uuid v1.6.0
github.com/gorilla/websocket v1.4.2
github.com/grpc-ecosystem/go-grpc-middleware v1.3.0
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0
github.com/grpc-ecosystem/grpc-gateway v1.16.0
github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0
github.com/jonboulle/clockwork v0.2.2
github.com/jonboulle/clockwork v0.2.2
github.com/jonboulle/clockwork v0.2.2
github.com/json-iterator/go v1.1.11
github.com/json-iterator/go v1.1.11
github.com/json-iterator/go v1.1.11
github.com/mattn/go-runewidth v0.0.9
github.com/mattn/go-runewidth v0.0.9
github.com/matttproud/golang_protobuf_extensions v1.0.1
github.com/matttproud/golang_protobuf_extensions v1.0.1
github.com/matttproud/golang_protobuf_extensions v1.0.1
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd
github.com/modern-go/reflect2 v1.0.1
github.com/modern-go/reflect2 v1.0.1
github.com/modern-go/reflect2 v1.0.1
github.com/olekukonko/tablewriter v0.0.5
github.com/olekukonko/tablewriter v0.0.5
github.com/prometheus/client_golang v1.11.1
github.com/prometheus/client_golang v1.11.1
github.com/prometheus/client_golang v1.11.1
github.com/prometheus/client_model v0.2.0
github.com/prometheus/client_model v0.2.0
github.com/prometheus/client_model v0.2.0
github.com/prometheus/common v0.26.0
github.com/prometheus/common v0.26.0
github.com/prometheus/common v0.26.0
github.com/prometheus/procfs v0.6.0
github.com/prometheus/procfs v0.6.0
github.com/prometheus/procfs v0.6.0
github.com/russross/blackfriday/v2 v2.0.1
github.com/shurcooL/sanitized_anchor_name v1.0.0
github.com/sirupsen/logrus v1.9.3
github.com/soheilhy/cmux v0.1.5
github.com/spf13/cobra v1.1.3
github.com/spf13/cobra v1.1.3
github.com/spf13/cobra v1.1.3
github.com/spf13/pflag v1.0.5
github.com/spf13/pflag v1.0.5
github.com/spf13/pflag v1.0.5
github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802
github.com/urfave/cli v1.22.4
github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2
github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2
github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2
glibc 2.40-66
gmp-with-cxx 6.3.0
go.etcd.io/bbolt v1.3.12
go.etcd.io/bbolt v1.3.12
go.etcd.io/bbolt v1.3.12
go.etcd.io/etcd/api/v3 UNKNOWN
go.etcd.io/etcd/api/v3 UNKNOWN
go.etcd.io/etcd/api/v3 UNKNOWN
go.etcd.io/etcd/client/pkg/v3 UNKNOWN
go.etcd.io/etcd/client/pkg/v3 UNKNOWN
go.etcd.io/etcd/client/pkg/v3 UNKNOWN
go.etcd.io/etcd/client/v2 UNKNOWN
go.etcd.io/etcd/client/v2 UNKNOWN
go.etcd.io/etcd/client/v2 UNKNOWN
go.etcd.io/etcd/client/v3 UNKNOWN
go.etcd.io/etcd/client/v3 UNKNOWN
go.etcd.io/etcd/client/v3 UNKNOWN
go.etcd.io/etcd/etcdctl/v3 UNKNOWN
go.etcd.io/etcd/etcdutl/v3 UNKNOWN
go.etcd.io/etcd/etcdutl/v3 UNKNOWN
go.etcd.io/etcd/pkg/v3 UNKNOWN
go.etcd.io/etcd/pkg/v3 UNKNOWN
go.etcd.io/etcd/pkg/v3 UNKNOWN
go.etcd.io/etcd/raft/v3 UNKNOWN
go.etcd.io/etcd/raft/v3 UNKNOWN
go.etcd.io/etcd/raft/v3 UNKNOWN
go.etcd.io/etcd/server/v3 UNKNOWN
go.etcd.io/etcd/server/v3 UNKNOWN
go.etcd.io/etcd/server/v3 UNKNOWN
go.opentelemetry.io/auto/sdk v1.1.0
go.opentelemetry.io/auto/sdk v1.1.0
go.opentelemetry.io/auto/sdk v1.1.0
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.0
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.0
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.0
go.opentelemetry.io/otel v1.34.0
go.opentelemetry.io/otel v1.34.0
go.opentelemetry.io/otel v1.34.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.20.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.20.0
go.opentelemetry.io/otel/metric v1.34.0
go.opentelemetry.io/otel/metric v1.34.0
go.opentelemetry.io/otel/metric v1.34.0
go.opentelemetry.io/otel/sdk v1.34.0
go.opentelemetry.io/otel/trace v1.34.0
go.opentelemetry.io/otel/trace v1.34.0
go.opentelemetry.io/otel/trace v1.34.0
go.opentelemetry.io/proto/otlp v1.0.0
go.uber.org/atomic v1.7.0
go.uber.org/atomic v1.7.0
go.uber.org/atomic v1.7.0
go.uber.org/multierr v1.6.0
go.uber.org/multierr v1.6.0
go.uber.org/multierr v1.6.0
go.uber.org/zap v1.17.0
go.uber.org/zap v1.17.0
go.uber.org/zap v1.17.0
golang.org/x/crypto v0.45.0
golang.org/x/crypto v0.45.0
golang.org/x/crypto v0.45.0
golang.org/x/net v0.47.0
golang.org/x/net v0.47.0
golang.org/x/net v0.47.0
golang.org/x/sys v0.38.0
golang.org/x/sys v0.38.0
golang.org/x/sys v0.38.0
golang.org/x/text v0.31.0
golang.org/x/text v0.31.0
golang.org/x/text v0.31.0
golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba
golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba
golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba
google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d
google.golang.org/genproto/googleapis/api v0.0.0-20250106144421-5f5ef82da422
google.golang.org/genproto/googleapis/api v0.0.0-20250106144421-5f5ef82da422
google.golang.org/genproto/googleapis/api v0.0.0-20250106144421-5f5ef82da422
google.golang.org/genproto/googleapis/rpc v0.0.0-20250115164207-1a7da9e5054f
google.golang.org/genproto/googleapis/rpc v0.0.0-20250115164207-1a7da9e5054f
google.golang.org/genproto/googleapis/rpc v0.0.0-20250115164207-1a7da9e5054f
google.golang.org/grpc v1.71.1
google.golang.org/grpc v1.71.1
google.golang.org/grpc v1.71.1
google.golang.org/protobuf v1.36.4
google.golang.org/protobuf v1.36.4
google.golang.org/protobuf v1.36.4
gopkg.in/cheggaaa/pb.v1 v1.0.28
gopkg.in/natefinch/lumberjack.v2 v2.0.0
gopkg.in/yaml.v2 v2.4.0
iana-etc 20250505
keyutils 1.6.3
krb5 1.22.1
libidn2 2.3.8
libpsl 0.21.5
libssh2 1.11.1
libunistring 1.4.1
mailcap 2.1.54
ncurses 6.5
nghttp2 1.67.1
nghttp3 1.13.1
ngtcp2 1.18.0
openssl 3.6.0
openssl 3.6.0
publicsuffix-list-0 unstable-2025-11-14
readline 8.3p1
sigs.k8s.io/yaml v1.2.0
stdlib go1.24.12
stdlib go1.24.12
stdlib go1.24.12
tzdata 2025b
xgcc 15.2.0
zlib 1.3.1
zstd 1.5.7

Download SBOMs

Upstream SBOM Hardened SBOM

Usage

$
podman pull ghcr.io/armorred/etcd:3

Verify Signature

$
cosign verify --key https://armorred.org/cosign.pub ghcr.io/armorred/etcd:3