ClearCutt
Hardened Image Blueprint
Python
Python 3.13 · Slim · Nix Minimal Base

clearcutt-python3.13 : slim

Runtime tier — language runtime plus minimal troubleshooting binaries.

v0.6.5 amd64arm64 Status: active Support: CURRENT Prod Allowed Cosign signed SLSA L3 SBOM attached Scan attached Vulnerability gate passed Cryptographic Overlays Capable
Multi-arch Manifest Digest:
sha256:eeb81c9f2a0deac8f99251ae861e1eb2552c6c516ba78e7b8a9c651303f63773

Published Sat, 30 May 2026 19:24:38 GMT

Last Rebuilt Wed, 03 Jun 2026 08:01:04 GMT

Continuous Scan Active
1

About this Image & Usage

Explore container capabilities, common use cases, and complete integration blueprints.

Capabilities & Guarantees

This Python runtime image packages the Python 3.13 interpreter and standard library next to a restricted BusyBox shell, ideal for standard hosting requiring minor shell controls.

Common Use Cases

  • Deploying lightweight web servers and asynchronous backends (FastAPI, Django, Uvicorn)
  • Executing cron-based data synchronization or system administration scripts
  • Hosting microservices that require custom OS entrypoint scripts and diagnostic access

Runtime Security & Execution Contract

Shell Presence Yes (BusyBox/Bash)
Package Manager No (Absent)
Secure UID Operator UID 10001
Production Tier Yes (Allowed)
CA Certificates Present / Active
Timezone Data Present / Active

Developer blueprints

Copy pre-configured code structures to accelerate deployment pipelines.

Dockerfile dockerfile 
# Stage 1: Build virtualenv using the dev builder image
FROM ghcr.io/northcutted/clearcutt/clearcutt-python3.13:v0.6.5-dev AS builder
WORKDIR /app

# Set up virtualenv
RUN python -m venv /opt/venv
ENV PATH="/opt/venv/bin:$PATH"

COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

# Stage 2: Hardened runner stage (distroless or slim JRE/Python runtime)
FROM ghcr.io/northcutted/clearcutt/clearcutt-python3.13:v0.6.5-slim
WORKDIR /app

# Copy virtualenv and application code
COPY --from=builder /opt/venv /opt/venv
COPY . .

# Set environment and execute as secure non-root operator
ENV PATH="/opt/venv/bin:$PATH"
ENV PYTHONDONTWRITEBYTECODE=1
ENV PYTHONUNBUFFERED=1

USER 10001:10001
CMD ["python", "app.py"]

If your organization mandates a certified base OS (like Red Hat UBI, Amazon Linux, or Ubuntu Pro) for compliance, you can stack ClearCutt's RPATH-bound /nix/store closure directly on top without modifying base layers or bundled agents.

Dockerfile.overlay dockerfile 
# Stage 1: Pull the ClearCutt secure runtime OCI image to extract its store
FROM ghcr.io/northcutted/clearcutt/clearcutt-python3.13:v0.6.5-slim AS clearcutt

# Stage 2: Graft the runtime onto your mandated base OS (Red Hat UBI, AL2023, Ubuntu)
FROM registry.access.redhat.com/ubi9/ubi-minimal:9.4

# Copy the immutable Nix store closure (leaves base OS layers and agents intact)
COPY --from=clearcutt /nix /nix

# Stabilize the runtime path behind /usr/local/bin so ENTRYPOINTs survive store bumps
RUN set -eux; \
    runtime_bin="$(find /nix/store -maxdepth 3 -type f -path '*/bin/python3' | head -n1)"; \
    test -n "$runtime_bin"; \
    ln -sf "$runtime_bin" /usr/local/bin/python3; \
    /usr/local/bin/python3 --version || /usr/local/bin/python3 -version || true

# Set workspace and run as ClearCutt's secure non-root user (UID 10001)
WORKDIR /app
COPY . .
USER 10001:10001

ENTRYPOINT ["/usr/local/bin/python3"]
flake.nix nix 
# Run an interactive local dev shell with the exact same remediated Python interpreter:
$ nix shell github:northcutted/clearcutt-images/v0.6.5#clearcuttPython313-native

# Or import inside your local flake.nix devShell overlay:
{
  inputs.clearcutt.url = "github:northcutted/clearcutt-images/v0.6.5";
  outputs = { self, nixpkgs, clearcutt }: {
    devShells.x86_64-linux.default = let
      pkgs = import nixpkgs {
        system = "x86_64-linux";
        overlays = [ clearcutt.overlays.default ];
      };
    in pkgs.mkShell {
      buildInputs = [ pkgs.clearcuttPython313 ];
    };
  };
}
layer.nix nix 
# Build a custom OCI image by layering extra packages in your Nix config
pkgs.dockerTools.buildImage {
  name = "custom-python-service";
  tag = "latest";
  
  # Layer on top of ClearCutt's base
  fromImage = clearcutt-base-image;
  
  copyToRoot = pkgs.buildEnv {
    name = "image-root";
    paths = [
      pkgs.ffmpeg           # Layer in extra tools declaratively
      python-application    # Include your compiled python build
    ];
    pathsToLink = [ "/bin" "/lib" ];
  };

  config = {
    Cmd = [ "/bin/app" ];
    User = "10001:10001";
  };
}

Pull & Run Workspace

Select your preferred container engine or deployment platform target.

Pull by multi-arch digest (Recommended, Secure)

docker pull ghcr.io/northcutted/clearcutt/clearcutt-python3.13@sha256:eeb81c9f2a0deac8f99251ae861e1eb2552c6c516ba78e7b8a9c651303f63773

Pinned to release

docker pull ghcr.io/northcutted/clearcutt/clearcutt-python3.13:v0.6.5-slim

Quick pull (rolling)

docker pull ghcr.io/northcutted/clearcutt/clearcutt-python3.13:slim

Hardened docker run

docker run --rm \
  --read-only \
  --cap-drop=ALL \
  --security-opt no-new-privileges \
  --user 10001:10001 \
  --tmpfs /tmp:mode=1777 \
  ghcr.io/northcutted/clearcutt/clearcutt-python3.13:v0.6.5-slim

Pull by multi-arch digest (Recommended, Secure)

podman pull ghcr.io/northcutted/clearcutt/clearcutt-python3.13@sha256:eeb81c9f2a0deac8f99251ae861e1eb2552c6c516ba78e7b8a9c651303f63773

Pinned to release

podman pull ghcr.io/northcutted/clearcutt/clearcutt-python3.13:v0.6.5-slim

Quick pull (rolling)

podman pull ghcr.io/northcutted/clearcutt/clearcutt-python3.13:slim

Hardened podman run

podman run --rm \
  --read-only \
  --cap-drop=ALL \
  --security-opt no-new-privileges \
  --user 10001:10001 \
  --tmpfs /tmp:mode=1777 \
  ghcr.io/northcutted/clearcutt/clearcutt-python3.13:v0.6.5-slim
docker-compose.yml yaml 
services:
  app:
    image: ghcr.io/northcutted/clearcutt/clearcutt-python3.13:v0.6.5-slim
    read_only: true
    user: "10001:10001"
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL
    tmpfs:
      - /tmp:mode=1777
pod.yaml yaml 
apiVersion: v1
kind: Pod
metadata:
  name: clearcutt-python3.13
spec:
  automountServiceAccountToken: false
  securityContext:
    runAsNonRoot: true
    runAsUser: 10001
    runAsGroup: 10001
    seccompProfile: { type: RuntimeDefault }
  containers:
    - name: app
      image: ghcr.io/northcutted/clearcutt/clearcutt-python3.13:v0.6.5-slim
      imagePullPolicy: IfNotPresent
      securityContext:
        readOnlyRootFilesystem: true
        allowPrivilegeEscalation: false
        capabilities: { drop: ["ALL"] }
      volumeMounts:
        - { name: tmp, mountPath: /tmp }
  volumes:
    - { name: tmp, emptyDir: { medium: Memory } }
flake.nix nix 
{
  inputs.clearcutt.url = "github:northcutted/clearcutt/v0.6.5";
  outputs = { self, nixpkgs, clearcutt }: {
    devShells.x86_64-linux.default = let
      pkgs = import nixpkgs {
        system = "x86_64-linux";
        overlays = [ clearcutt.overlays.default ];
      };
    in pkgs.mkShell {
      buildInputs = [ pkgs.clearcuttPython313 ];
    };
  };
}
2

Verify & Audit Compliance

Inspect supply chain provenance, run local cryptographic OIDC audits, and review vulnerability gates.

Provenance & signatures

Cryptographically audit OCI identity claims and supply chain gating artifacts.

raw in-toto JSONL

Cryptographic Proof

VERIFIED KEYLESS
Source Repo northcutted/clearcutt
Signing Workflow release.yml
Workflow Ref refs/heads/main
OIDC Issuer token.actions.githubusercontent.com
OIDC Certificate Subject
https://github.com/northcutted/clearcutt/.github/workflows/release.yml@refs/heads/main

Supply Chain Provenance

SLSA LEVEL 3
Builder GitHub Actions (release.yml @ main)
Build Type GitHub Actions Workflow
Predicate Schema SLSA Provenance v1.0
Source Material github.com/northcutted/clearcutt
Commit SHA e132d66 ↗
Non-falsifiable attestation: Passed

Compilation & Gates

GATES PASSED
Nix Compilation
amd64:passed ↗ arm64:passed ↗
SBOM generation
amd64:passed ↗ arm64:passed ↗
Vulnerability gate
amd64:passed ↗ arm64:passed ↗
Gating timestamp: 2026-05-30T18:52

Attestations

4 kinds of evidence for this image. The counts are how many times each was independently signed into the public transparency log — not how many distinct artifacts exist.

52 signed records
Subject ghcr.io/northcutted/clearcutt/clearcutt-python3.13 Digest sha256:eeb81c9f2a0d... index · amd64+arm64 Signed By release.yml @ main keyless ✓
Two ways to verify — pick the ecosystem you know
cosign · OCI Attestation lives with the image in the registry. Verify with cosign verify-attestation.
gh CLI · GitHub GitHub first-party attestation. Verify with gh attestation verify.

The subject above is the multi-arch index (amd64 + arm64). Each architecture's SBOM is attested separately, in both ecosystems — so one SBOM naturally appears as several signed records below. Records also accumulate as the image is rebuilt, with each release re-signing into the transparency log afresh. Every entry is independent and publicly verifiable: click any #index below to inspect it in Sigstore Rekor, or use the copy-paste commands below to verify them locally.

Build provenance slsa.dev/provenance/v1

How and where the image was built — binds this digest to the exact workflow run, commit, and builder.

10× signed
Verify with
Inspect
run ↗ workflow file ↗ asset ↗
Rekor log
#1676935588 ↗#1676235574 ↗#1675885227 ↗
SBOM spdx.dev/Document

Software Bill of Materials — the full inventory of packages baked into the image.

21× signed
Verify with
Inspect
workflow file ↗
Rekor log
#1676935664 ↗#1676935625 ↗#1676235734 ↗
Test results cosign.sigstore.dev/attestation/v1

Signed evidence that the release-gate test suite passed for this exact digest.

20× signed
Verify with
Inspect
workflow file ↗
Rekor log
#1676935531 ↗#1676935506 ↗#1676235491 ↗
Cosign signature sigstore.dev/cosign/sign/v1

The keyless cosign signature statement covering the image index.

signed
Verify with
Inspect
workflow file ↗
Rekor log
#1672931104 ↗

Active Verification Toolkit

Run local cryptographic OIDC audits and generate Kyverno cluster policies to enforce supply chain integrity.

Direct Cryptographic Evidence & Verification

Expected Certificate Subject https://github.com/northcutted/clearcutt/.github/workflows/release.yml@refs/heads/main
Expected Certificate OIDC Issuer https://token.actions.githubusercontent.com
Manifest Index Digest sha256:eeb81c9f2a0deac8f99251ae861e1eb2552c6c516ba78e7b8a9c651303f63773
One-step Audit Command

Run the native compiled Go CLI command locally to verify the registry digest, Sigstore signature, SBOM and test attestations, and SLSA provenance:

clearcutt verify release-evidence \
  --ref ghcr.io/northcutted/clearcutt/clearcutt-python3.13@sha256:eeb81c9f2a0deac8f99251ae861e1eb2552c6c516ba78e7b8a9c651303f63773 \
  --repo northcutted/clearcutt \
  --workflow-identity 'https://github.com/northcutted/clearcutt/.github/workflows/release.yml@refs/heads/main'

1. Inspect Security Metadata

Query deep, high-fidelity security metadata, dynamic entrypoints, non-root user settings, architectures, and release asset URLs. 

clearcutt inspect python3.13-slim --tag v0.6.5

2. Local Policy Gate Verification

Enforce signatures, SBOMs, SLSA provenance, smoke tests, vulnerability limits, and lifecycle constraints locally or in CI pipelines. 

clearcutt verify image python3.13-slim \
  --tag v0.6.5 \
  --require-production \
  --require-signature \
  --require-sbom \
  --require-provenance \
  --max-critical 0 \
  --max-high 5

3. Runtime Conformance Audit

Verify runtime specifications offline, asserting timezone configurations, dynamic links, CA certificate paths, and rootless isolation boundaries. 

clearcutt conformance run \
  --expect-runtime python

4. Scaffold Nix Overlay Graft

Under strict corporate base OS mandates, generate a workspace scaffolding to graft this runtime overlay onto existing host layers. 

clearcutt overlay generate \
  --runtime python3.13 \
  --tier slim \
  --base registry.access.redhat.com/ubi9/ubi-minimal \
  --output my-python3.13-overlay/

1. Verify Keyless OIDC Signature

Confirm this OCI image was built in your official release workflow and signed via keyless OIDC certificates. 

cosign verify ghcr.io/northcutted/clearcutt/clearcutt-python3.13@sha256:eeb81c9f2a0deac8f99251ae861e1eb2552c6c516ba78e7b8a9c651303f63773 \
  --certificate-identity 'https://github.com/northcutted/clearcutt/.github/workflows/release.yml@refs/heads/main' \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  --output json

2. Verify Cryptographic SBOM Attestation

Extract and cryptographically verify the compiled package software bill of materials statement. 

cosign verify-attestation ghcr.io/northcutted/clearcutt/clearcutt-python3.13@sha256:eeb81c9f2a0deac8f99251ae861e1eb2552c6c516ba78e7b8a9c651303f63773 \
  --type spdxjson \
  --certificate-identity 'https://github.com/northcutted/clearcutt/.github/workflows/release.yml@refs/heads/main' \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  | jq '.payload | @base64d | fromjson | .predicate'

slsa-verifier (SLSA Build L3)

Verify SLSA Build L3 provenance from the configured builder and source ref. 

slsa-verifier verify-image ghcr.io/northcutted/clearcutt/clearcutt-python3.13@sha256:eeb81c9f2a0deac8f99251ae861e1eb2552c6c516ba78e7b8a9c651303f63773 \
  --source-uri 'github.com/northcutted/clearcutt' \
  --source-branch 'main'

GitHub Native Attestation

Audit standard GitHub OCI attestations natively using the GitHub CLI client. 

gh attestation verify oci://ghcr.io/northcutted/clearcutt/clearcutt-python3.13@sha256:eeb81c9f2a0deac8f99251ae861e1eb2552c6c516ba78e7b8a9c651303f63773 \
  --repo northcutted/clearcutt \
  --cert-identity 'https://github.com/northcutted/clearcutt/.github/workflows/release.yml@refs/heads/main' \
  --source-ref refs/heads/main

Admission Control (Kyverno Policy)

Enforce keyless signature and cryptographic SBOM attestation checks in Kubernetes clusters dynamically.

Set cluster behavior on signature check failure
Block pods if they lack a cryptographically signed SPDX SBOM
policy.yaml yaml 
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: verify-clearcutt-python3.13
spec:
  validationFailureAction: Enforce
  webhookTimeoutSeconds: 30
  rules:
    - name: verify-cosign-signature
      match:
        any:
          - resources:
              kinds: [Pod]
      verifyImages:
        - imageReferences: ["ghcr.io/northcutted/clearcutt/clearcutt-python3.13:*"]
          attestors:
            - entries:
                - keyless:
                     subject: "https://github.com/northcutted/clearcutt/.github/workflows/release.yml@refs/heads/main"
                     issuer: "https://token.actions.githubusercontent.com"
          attestations:
            - predicateType: "https://spdx.dev/Document"
              attestors:
                - entries:
                    - keyless:
                        subject: "https://github.com/northcutted/clearcutt/.github/workflows/release.yml@refs/heads/main"
                        issuer: "https://token.actions.githubusercontent.com"
          mutateDigest: true
          verifyDigest: true
          required: true

CVE findings

Last checked Wed, 03 Jun 2026 08:01:03 GMT

0 eligible runtime fix(es)18 total findings
Arch:
Scanner: vulnerability-check18 findings
Filter by Severity:
Layer Scope
View OpenVEX Document
Search findings
18/18 matched
Fix status:ClearCutt can prepare an update when a severe issue affects a package this image adds and a safe fixed version is available.no fix found 5base image 3lower severity 10
Severity · CVE
Risk
Package · why included
Installed
Fix status
3

Deep-Dive & OCI Specifications

Analyze the full Nix store dependency closure, image layer architecture, and OCI configuration labels.

Software Bill of Materials

Every package included in the image's /nix/store closure. Generated from the actual OCI archive at build time and attached as an SPDX SBOM, using the same package inventory as the CVE findings above.

SBOM generated Sat, 30 May 2026 18:52:24 GMT. Toggle between architectures; the package set typically matches but layer hashes differ.

Arch:
28 packages indexedRaw SPDX
Filter by Type:
License:
Search packages
28/28 matched

Layer explorer

Click any layer card in the cohesive OCI stack below to inspect its digest, size, packages, and vulnerability density.

OCI Image Layer Stack (28 layers)total 92.6 MB
Layer
#1 of 28
Position
base
Digest
sha256:4e7000d8df212b70f7a67e6ccfa9ff36d68c66505db036b94139887a7ba7afd7
Size
257.0 B
% of image
0.0%
Cumulative
257.0 B
Pull or Inspect Layer
crane blob ghcr.io/northcutted/clearcutt/clearcutt-python3.13@sha256:4e7000d8df212b70f7a67e6ccfa9ff36d68c66505db036b94139887a7ba7afd7
Layer Security Status✓ SECURE

No known vulnerabilities are introduced by the packages compiled in this specific Nix closure layer.

Image Specifications & Release Ledger

Inspect the static OCI container metadata labels and browse the immutable published release history for this image.

KeyValue
org.opencontainers.image.authors Eddie Northcutt
org.opencontainers.image.description Hardened ClearCutt Base Image for python (3.13) - Tier: slim
org.opencontainers.image.licenses Apache-2.0
org.opencontainers.image.ref.name slim
org.opencontainers.image.source https://github.com/northcutted/clearcutt
org.opencontainers.image.title clearcutt-python-3.13
org.opencontainers.image.url https://github.com/northcutted/clearcutt
org.opencontainers.image.vendor Eddie Northcutt
org.opencontainers.image.version 3.13
Tag Published Archs Packages
v0.8.1 latest Thu, 04 Jun 2026 00:36:30 GMT amd64arm64 28 .intoto.jsonl ↗
v0.8.0 Wed, 03 Jun 2026 01:16:58 GMT amd64arm64 28 .intoto.jsonl ↗
v0.7.2 Sun, 31 May 2026 16:32:29 GMT amd64arm64 28 .intoto.jsonl ↗
v0.7.0 Sun, 31 May 2026 00:59:17 GMT amd64arm64 28 .intoto.jsonl ↗
v0.6.5 Sat, 30 May 2026 19:24:38 GMT amd64arm64 28 .intoto.jsonl ↗
v0.6.4 Sat, 30 May 2026 17:13:43 GMT amd64arm64 28 .intoto.jsonl ↗
v0.6.3 Sat, 30 May 2026 16:09:42 GMT amd64arm64 28 .intoto.jsonl ↗
v0.5.0 Sat, 30 May 2026 03:49:37 GMT amd64arm64 28 .intoto.jsonl ↗
v0.4.1 Fri, 29 May 2026 23:48:33 GMT amd64arm64 28 .intoto.jsonl ↗
v0.2.1 Fri, 29 May 2026 13:44:59 GMT amd64arm64 28 .intoto.jsonl ↗