
# Rootless Container with Paketo

This demo again builds a container image from the demo application. For details on the demo application see [hello spring boot application](/secure-kubernetes-development/application-security/step1-hello-spring-boot.md).

This time, instead of using a *Dockerfile* or JIB, we will use [Spring Boot tooling](https://docs.spring.io/spring-boot/docs/current/reference/html/container-images.html#container-images.buildpacks) together with [Paketo buildpacks](https://github.com/paketo-buildpacks/spring-boot) to build the container image.

**Important note**: Paketo buildpacks are still missing ARM64 support (Apple M1/M2 Mac hardware). See [GitHub issue: Add support for arm64](https://github.com/paketo-buildpacks/stacks/issues/51) for details.

```groovy
plugins {
    id 'com.google.cloud.tools.jib' version '2.6.0'
}

jib {
    to {
        image = 'andifalk/hello-rootless-jib:latest'
    }
    container {
        user = 1002
    }
}
```

You can try to check which user the container runs as by using these commands:

```shell
docker container run --rm --detach --name hello-rootless-jib \
-p 8080:8080 andifalk/hello-rootless-jib:latest
docker exec hello-rootless-jib whoami
```

This time the command should report an error: the [distroless image](https://github.com/GoogleContainerTools/distroless) that JIB uses by default does not even include a shell, so no *whoami* command is available.
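Because `whoami` cannot run inside a shell-less image, the configured user can be read from the image metadata instead. The script below is an added example and not part of the original demo. The function names `is_root_user` and `check_image` are assumptions made for illustration, and a named account is assumed to be non-root.

```shell
#!/bin/sh
# Added example: decide from image metadata alone whether a container
# would start as root (no shell or whoami needed inside the image).

# is_root_user USER_FIELD
# USER_FIELD is the image's Config.User value:
#   "", "name", "uid", "uid:gid" or "name:group".
# Returns 0 (true) when the container would start as root.
# Assumption: a named account other than "root" is treated as non-root;
# its real UID lives in the image's /etc/passwd and is not checked here.
is_root_user() {
    user_part=${1%%:*}        # drop an optional ":group" suffix
    case "$user_part" in
        ''|root) return 0 ;;  # empty User means the runtime default: root
        *[!0]*)  return 1 ;;  # anything that is not all zeros is not UID 0
    esac
    return 0                  # only zeros left ("0", "00", ...): UID 0
}

# check_image IMAGE
# Reads Config.User with docker image inspect and prints a verdict.
# Exit status: 0 non-root, 1 root, 2 inspect failed (e.g. image not pulled).
check_image() {
    configured=$(docker image inspect --format '{{.Config.User}}' "$1") || return 2
    if is_root_user "$configured"; then
        echo "FAIL: $1 starts as root (User='$configured')"
        return 1
    fi
    echo "OK: $1 starts as non-root (User='$configured')"
}

# Docker is only contacted when an image name is passed as an argument.
if [ "$#" -gt 0 ]; then
    check_image "$1"
fi
```

Saved under a name of your choice and run with `andifalk/hello-rootless-jib:latest` as its argument, it reads the user that the `jib` block above configures with `user = 1002`.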

You should also be able to reach the dockerized application again via [localhost:8080](http://localhost:8080).

Finally, stop the running container by using the following command:

```shell
docker stop hello-rootless-jib
```

## Check image for Vulnerabilities

Now we can check our image for vulnerabilities with high and critical severities using this command:

```shell
trivy clean --scan-cache
trivy image --severity HIGH,CRITICAL andifalk/hello-rootless-jib:latest
```

## Next

[Next: Initial Unsafe K8s Deploy](https://github.com/andifalk/secure-development-on-kubernetes/blob/master/step5-initial-k8s-deploy/README.md)

