Project Hummingbird and Calunga are open source projects that help build secure Python application containers with a trusted software supply chain. Project Hummingbird provides hardened, distroless base container images (backed by Red Hat Hardened Images), while Calunga provides verified Python dependency libraries hosted at packages.redhat.com. The tutorial walks through building a simple Flask app container using single-stage and multi-stage Containerfiles, showing how to replace Docker Hub base images with Hummingbird images, adapt Containerfile syntax for shell-less distroless images, and use pip secrets to pull dependencies from the trusted libraries index. A free Red Hat Developer account is sufficient to use these tools, and the resulting containers can run on any OCI-compatible platform.

12m read time. From developers.redhat.com
Table of contents
Prepare your developer environment
A security-focused foundation for your supply chain
A Python example
Using base images from Project Hummingbird
Using trusted libraries
A multi-stage example
Continuing your security journey
