cleanstart/curl Docker 镜像 - 轩辕镜像

CleanStart Container for Curl

Enterprise-grade containerized curl client for secure and efficient HTTP/HTTPS requests. This image provides the popular curl command-line tool for transferring data using various protocols, optimized for cloud-native environments. Built on a security-hardened base, it includes SSL/TLS support, comprehensive protocol handling (HTTP, HTTPS, FTP, FTPS, SCP, SFTP, TFTP, DICT, TELNET, LDAP, FILE), and enterprise security features including FIPS compliance options. Ideal for automated testing, API interactions, and secure file transfers in containerized environments.

📌 CleanStart Foundation: Security-hardened, minimal base OS designed for enterprise containerized environments.

Key Features

• Comprehensive protocol support (HTTP/HTTPS, FTP, SFTP, SCP)
• Advanced SSL/TLS security with certificate validation
• IPv4 and IPv6 support with proxy capabilities
• Enterprise-grade security features including FIPS compliance

Common Use Cases

• API endpoint testing and validation
• Automated file downloads and uploads
• Web service health checking and monitoring
• Secure data transfer between systems

Quick Start

Pull Latest Image Download the container image from the registry

bash
docker pull cleanstart/curl:latest
docker pull cleanstart/curl:latest-dev

Basic Run Run the container with basic configuration

bash
docker run -it --name curl-test cleanstart/curl:latest-dev

Production Deployment Deploy with production security settings

bash
  docker run -d --name curl-prod --read-only --security-opt=no-new-privileges --user 1000:1000 cleanstart/curl:latest [***]

Volume Mount Mount local directory for persistent data

bash
docker run -v $(pwd)/data:/data cleanstart/curl:latest

Entrypoint Run and check entrypoint

bash
docker run -it --rm --entrypoint sh cleanstart/curl:latest-dev

Configuration

Environment Variables

Security & Best Practices

Recommended Security Context

yaml
securityContext:
  runAsNonRoot: true
  runAsUser: 1000
  runAsGroup: 1000
  readOnlyRootFilesystem: true
  allowPrivilegeEscalation: false
  capabilities:
    drop: ['ALL']

Best Practices

• Use specific image tags for production (avoid latest)
• Configure resource limits: memory and CPU constraints
• Enable read-only root filesystem when possible
• Run containers with non-root user (--user 1000:1000)
• Use --security-opt=no-new-privileges flag
• Regularly update container images for security patches
• Implement proper network segmentation
• Monitor container metrics for anomalies

Architecture Support

Multi-Platform Images

bash
  docker pull --platform linux/amd64 cleanstart/curl:latest
docker pull --platform linux/arm64 cleanstart/curl:latest

Resources & Documentation

• CleanStart Community Images: [***]
• CleanStart Website: [***]
• Curl Documentation: [***]
• How-to-Run CleanStart Images & Sample Projects: [***]
  • how-to-Run sample projects using dockerfile
  • how-to-Deploy via Kubernete YAML
  • how-to-Migrate from public images to CleanStart images

Vulnerability Disclaimer

CleanStart offers Docker images that include third-party open-source libraries and packages maintained by independent contributors. While CleanStart maintains these images and applies industry-standard security practices, it cannot guarantee the security or integrity of upstream components beyond its control.

Users acknowledge and agree that open-source software may contain undiscovered vulnerabilities or introduce new risks through updates. CleanStart shall not be liable for security issues originating from third-party libraries, including but not limited to zero-day exploits, supply chain ***s, or contributor-introduced risks.

Security remains a shared responsibility: CleanStart provides updated images and guidance where possible, while users are responsible for evaluating deployments and implementing appropriate controls.