The Maven image bundles a Java runtime (JDK), the Maven CLI and core plugins, a default settings.xml, and a local repository cache/layout plus transport and certificate support required for dependency resolution and artifact publishing. It is consumed in containerized build environments and CI/CD pipelines—as ephemeral build agents, in multi-stage container builds, or to run compilation, dependency resolution, unit/integration tests, artifact signing and publishing stages for reproducible builds.
Teams evaluate a Maven hardened image in regulated or high-risk environments to reduce attack surface and increase auditability: minimal runtime packages, timely CVE patches for the JDK and Maven binaries, non-root execution, tightened filesystem permissions, removed debugging tools, signed binaries and an SBOM to support compliance checks and vulnerability scanning.
The Minimus Maven image differs from typical Maven container images by starting from a minimal base and including only the essential runtime and build tools required for Maven workflows, which significantly reduces the attack surface compared with full-distribution images. Because it contains fewer packages and services, the Minimus Maven image is faster to pull and start, consumes less disk and memory, and is easier to maintain and audit in CI/CD pipelines and production hosts.
Beyond minimalism, the Minimus hardened Maven image is explicitly hardened to industry standards, aligning with guidance from NIST SP 800-190 and CIS Benchmarks; hardening steps include removing unnecessary binaries, tightening file permissions, and disabling ambient services to reduce privilege and exposure. These controls make the image a better fit for security-conscious teams who need repeatable, auditable, and lower-risk build artifacts.
Maven is a Java project build and dependency management tool. It uses a POM (Project Object Model) to declare project configuration, dependencies, plugins, and build goals.
It automates common tasks such as compiling, testing, packaging, and installing artifacts, orchestrating the complete lifecycle (compile, test, package, install, deploy). Maven resolves transitive dependencies from repositories, ensures reproducible builds, and can extend functionality with plugins and custom goals.
In container workflows, you typically start from a Maven image. For production security, you might use a hardened Maven image.
We build a Docker image to package an application and its runtime, libraries, and configuration into a portable, repeatable unit that runs the same on any host or in CI/CD.
Images provide isolation, reproducibility, versioning, and faster deployments because layers cache and environments stay consistent. For Java projects, a Maven image offers a consistent build and test environment; you can extend it or switch to a hardened Maven image for security and maintenance.
To run builds in Docker, use the Maven container image. The first command checks the bundled Maven and JDK versions; the second mounts the current directory as the working directory and runs a batch-mode (-B) package build:
docker run --rm maven:3.9.0-openjdk-17-slim mvn -version
docker run --rm -v "$PWD":/usr/src/mymodule -w /usr/src/mymodule maven:3.9.0-openjdk-17-slim mvn -B package
For security, use a hardened Maven image that runs as non-root.
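A multi-stage build that applies the points above (non-root build and runtime users, cached dependency resolution, only the artifact carried into the final image) is shown here as an added example; it is not taken from the page or from Minimus. The build stage uses the maven:3.9.0-openjdk-17-slim tag from the commands above; the runtime image (eclipse-temurin:17-jre), the presence of useradd in both images, and the jar name app.jar are assumptions.

```dockerfile
# syntax=docker/dockerfile:1
# Build stage image: the tag used in the page's docker run commands.
# Override with --build-arg MAVEN_IMAGE=... to swap in a hardened Maven image.
ARG MAVEN_IMAGE=maven:3.9.0-openjdk-17-slim
# Runtime stage image is an assumption; any minimal JRE-only image will do.
ARG RUNTIME_IMAGE=eclipse-temurin:17-jre

FROM ${MAVEN_IMAGE} AS build
# Run the build as an unprivileged user rather than root.
RUN useradd --create-home --uid 10001 builder
USER builder
WORKDIR /home/builder/app

# Resolve dependencies first so this layer stays cached until pom.xml changes.
COPY --chown=builder:builder pom.xml .
RUN mvn -B -ntp dependency:go-offline

# Compile, test and package in batch mode (-B) and offline (-o): an artifact
# that was not resolved in the cached step above fails the build instead of
# being fetched silently at package time.
COPY --chown=builder:builder src ./src
RUN mvn -B -ntp -o package

FROM ${RUNTIME_IMAGE} AS runtime
RUN useradd --create-home --uid 10002 app
USER app
WORKDIR /home/app
# Only the built artifact crosses into the runtime image; Maven, the JDK
# compiler and the local repository cache stay in the discarded build stage.
# The jar name is an assumption; match it to finalName in your pom.
COPY --from=build --chown=app:app /home/builder/app/target/app.jar ./app.jar
ENTRYPOINT ["java", "-jar", "/home/app/app.jar"]
```

dependency:go-offline does not always pre-fetch every plugin dependency; if the offline package step fails on a missing artifact, resolve that plugin explicitly in the go-offline step rather than dropping -o.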