Mysql 8.0

hardened

Full version: 8.0 Analyzed: 2026-02-10

Size Reduction -20% 804.2 MB to 969.0 MB (-164.8 MB saved)

Component Reduction 49% 140 to 72 packages (68 removed)

Vulnerability Reduction 100% 19 to 0 vulnerabilities (19 eliminated)

Image Comparison

Property	upstream	hardened
Image	docker.io/library/mysql:8.0	ghcr.io/armorred/mysql:8.0-hardened
Size	804.2 MB	969.0 MB
Layers	11	75
Components	140	72
Vulnerabilities	19	0
Runtime User	root	65534

Vulnerability Analysis

upstream 19 total

2medium

1low

hardened 0 total

Upstream vulnerability details (19)

CVE ID	Severity	Package	Version	Fixed In
GHSA-4xh5-x5gv-qwph	medium	pip	25.2	25.3
GHSA-6vgw-5pg2-w6jp	low	pip	25.2	26.0
GHSA-mrfv-m5wm-5w6w	medium	pynacl	1.5.0	2.5.0
GO-2025-4006	unknown	stdlib	1.24.6	1.24.8
GO-2025-4007	unknown	stdlib	1.24.6	1.24.9
GO-2025-4008	unknown	stdlib	1.24.6	1.24.8
GO-2025-4009	unknown	stdlib	1.24.6	1.24.8
GO-2025-4010	unknown	stdlib	1.24.6	1.24.8
GO-2025-4011	unknown	stdlib	1.24.6	1.24.8
GO-2025-4012	unknown	stdlib	1.24.6	1.24.8
GO-2025-4013	unknown	stdlib	1.24.6	1.24.8
GO-2025-4014	unknown	stdlib	1.24.6	1.24.8
GO-2025-4015	unknown	stdlib	1.24.6	1.24.8
GO-2025-4155	unknown	stdlib	1.24.6	1.24.11
GO-2025-4175	unknown	stdlib	1.24.6	1.24.11
GO-2026-4337	unknown	stdlib	1.24.6	1.24.13
GO-2026-4340	unknown	stdlib	1.24.6	1.24.12
GO-2026-4341	unknown	stdlib	1.24.6	1.24.12
GO-2026-4342	unknown	stdlib	1.24.6	1.24.12

Software Bill of Materials

upstream components (140)

alternatives 1.24-2.0.1.el9
antlr4-python3-runtime 4.13.2
audit-libs 3.1.5-7.0.1.el9
basesystem 11-13.el9
bash 5.1.8-9.el9
bcrypt 4.3.0
bzip2 1.0.8-10.el9_5
bzip2-libs 1.0.8-10.el9_5
ca-certificates 2025.2.80_v9.0.305-91.el9
certifi 2025.11.12
cffi 2.0.0
circuitbreaker 2.1.3
coreutils-single 8.32-39.0.1.el9
crypto-policies 20250905-1.git377cc42.el9_7
cryptography 45.0.7
curl 7.76.1-35.el9_7.3
cyrus-sasl-lib 2.1.27-22.el9
dnf-data 4.14.0-31.0.1.el9
file-libs 5.39-16.el9
filesystem 3.16-5.el9
findutils 1:4.8.0-7.el9
gawk 5.1.0-6.el9
gdbm-libs 1:1.23-1.el9
github.com/moby/sys/user v0.1.0
github.com/tianon/gosu v1.19.0
glib2 2.68.4-18.el9_7.1
glibc 2.34-231.0.1.el9_7.2
glibc-common 2.34-231.0.1.el9_7.2
glibc-minimal-langpack 2.34-231.0.1.el9_7.2
gmp 1:6.2.0-13.el9
gnupg2 2.3.3-5.el9_7
gnutls 3.8.3-9.el9
gobject-introspection 1.68.0-11.el9
golang.org/x/sys v0.1.0
gpg-pubkey 8b4efbe6-629ec292
gpg-pubkey 8d8b756f-629e59ec
gpgme 1.15.1-6.el9
grep 3.6-5.el9
gzip 1.12-1.el9
invoke 2.2.0
json-c 0.14-11.el9
keyutils-libs 1.6.3-1.el9
krb5-libs 1.21.1-8.0.1.el9_6
libacl 2.3.1-4.el9
libaio 0.3.111-13.el9
libarchive 3.5.3-6.el9_6
libassuan 2.5.5-3.el9
libattr 2.5.1-3.el9
libblkid 2.37.4-21.0.1.el9_7
libbrotli 1.0.9-9.el9_7
libcap 2.48-10.el9
libcap-ng 0.8.2-7.el9
libcom_err 1.46.5-8.el9
libcurl 7.76.1-35.el9_7.3
libdnf 0.69.0-16.0.1.el9
libevent 2.1.12-8.el9_4
libffi 3.4.2-8.el9
libgcc 11.5.0-11.0.2.el9
libgcrypt 1.10.0-11.el9
libgpg-error 1.42-5.el9
libidn2 2.3.0-7.el9
libksba 1.5.1-7.el9
libmodulemd 2.13.0-2.el9
libmount 2.37.4-21.0.1.el9_7
libnghttp2 1.43.0-6.el9
libpeas 1.30.0-4.el9
libpsl 0.21.1-5.el9
librepo 1.14.5-3.el9
libreport-filesystem 2.15.2-6.0.3.el9
libselinux 3.6-3.el9
libsemanage 3.6-5.el9_6
libsepol 3.6-3.el9
libsigsegv 2.13-4.el9
libsmartcols 2.37.4-21.0.1.el9_7
libsolv 0.7.24-3.el9
libssh 0.10.4-17.el9_7
libssh-config 0.10.4-17.el9_7
libstdc++ 11.5.0-11.0.2.el9
libtasn1 4.16.0-9.el9
libtirpc 1.3.3-9.el9
libtool-ltdl 2.4.6-46.el9
libunistring 0.9.10-15.el9
libuuid 2.37.4-21.0.1.el9_7
libverto 0.3.2-3.el9
libxcrypt 4.4.18-3.el9
libxml2 2.9.13-14.el9_7
libyaml 0.2.5-7.el9
libzstd 1.5.5-1.el9
lua-libs 5.4.4-4.el9
lz4-libs 1.9.3-5.el9
microdnf 3.9.1-3.el9
mpfr 4.1.0-7.el9
mysql-community-server-minimal 8.0.45-1.el9
mysql-shell 8.0.45-1.el9
ncurses-base 6.2-12.20210508.el9
ncurses-libs 6.2-12.20210508.el9
nettle 3.10.1-1.el9
npth 1.6-8.el9
oci 2.164.0
openldap 2.6.8-4.el9
openssl 1:3.5.1-7.0.1.el9_7
openssl-fips-provider 3.0.7-8.0.1.el9
openssl-fips-provider-so 3.0.7-8.0.1.el9
openssl-libs 1:3.5.1-7.0.1.el9_7
oraclelinux-release 9:9.7-1.0.6.el9
oraclelinux-release-el9 1.0-26.el9
p11-kit 0.25.3-3.el9_5
p11-kit-trust 0.25.3-3.el9_5
paramiko 4.0.0
pcre 8.44-4.el9
pcre2 10.40-6.0.1.el9
pcre2-syntax 10.40-6.0.1.el9
pip 25.2
popt 1.18-8.el9
publicsuffix-list-dafsa 20210518-3.el9
pycparser 2.23
pynacl 1.5.0
pyopenssl 25.1.0
python-dateutil 2.9.0.post0
pytz 2025.2
pyyaml 6.0.2
readline 8.1-4.el9
redhat-release 3:9.7-0.6.0.1.el9
rpm 4.16.1.3-39.el9
rpm-libs 4.16.1.3-39.el9
sed 4.8-9.el9
setup 2.13.7-10.el9
shadow-utils 2:4.9-15.el9
six 1.17.0
sqlite-libs 3.34.1-9.el9_7
stdlib go1.24.6
svg-py 1.6.0
systemd-libs 252-55.0.3.el9_7.7
tar 2:1.34-9.el9_7
typing-extensions 4.12.2
tzdata 2025c-1.el9
xz 5.2.5-8.el9_0
xz-libs 5.2.5-8.el9_0
zlib 1.2.11-40.el9
zstd 1.5.5-1.el9

hardened components (72)

abseil-cpp 20210324.2
acl 2.3.2
attr 2.5.2
bash 5.2p37
binutils 2.43.1
binutils 2.43.1
binutils-wrapper 2.43.1
boost 1.77.0
boost 1.77.0
brotli 1.1.0
bzip2 1.0.8
coreutils 9.5
curl 8.12.1
gcc 13.3.0
gcc 13.3.0
gcc 13.3.0
gcc-wrapper 13.3.0
glibc 2.40-66
glibc 2.40-66
glibc 2.40-66
gmp 6.3.0
gmp-with-cxx 6.3.0
gnugrep 3.11
icu4c 69.1
icu4c 69.1
icu4c 74.2
isl 0.20
keyutils 1.6.3
krb5 1.21.3
libcap 2.70
libcbor 0.11.0
libedit 20240808-3.1
libedit 20240808-3.1
libevent 2.1.12
libevent 2.1.12
libevent 2.1.12
libfido2 1.15.0
libfido2 1.15.0
libidn2 2.3.7
libmpc 1.3.1
libpsl 0.21.5
libssh2 1.11.1
libtirpc 1.3.5
libunistring 1.2
linux-headers 6.10
lz4 1.10.0
lz4 1.10.0
lz4 1.10.0
mpfr 4.2.1
mysql 8.0.42
ncurses 6.4.20221231
ncurses 6.4.20221231
ncurses 6.4.20221231
nghttp2 1.64.0
numactl 2.0.18
openssl 3.3.3
openssl 3.3.3
openssl 3.3.3
patchelf 0.15.0
pcre2 10.44
pcsclite 2.3.0
pkg-config 0.29.2
pkg-config-wrapper 0.29.2
protobuf 21.12
publicsuffix-list-0 unstable-2024-10-25
systemd-minimal-libs 256.10
xgcc 13.3.0
xz 5.6.3
zlib 1.3.1
zstd 1.5.6
zstd 1.5.6
zstd 1.5.6

Download SBOMs

Upstream SBOM Hardened SBOM

Usage

$
podman pull ghcr.io/armorred/mysql:8.0

Verify Signature

$
cosign verify --key https://armorred.org/cosign.pub ghcr.io/armorred/mysql:8.0