Catalog | build with confidence

openjdk17-jme-fips

latest

An OpenJDK 17 JME FIPS image providing the Java 17 Micro Edition environment for embedded and constrained devices with FIPS support

Getting Started

To pull the image:

docker pull registry.hardened.eu/library/openjdk17-jme-fips:latest

Example: Compiling a Minimal Application

Here’s how to build and run a simple Java application using the Hardened B.V. openjdk17-jme-fips image:

cat >HelloWorld.java <<EOL
class HelloWorld {
    public static void main(String args[]) {
        System.out.println("Hello Hardened B.V. users!");
    }
}
EOL

Create a multi-stage Dockerfile, compile with the JDK-image:

cat >Dockerfile <<EOL
FROM registry.hardened.eu/library/openjdk17-jdk-fips:latest as dev
COPY HelloWorld.java HelloWorld.java
RUN javac HelloWorld.java

FROM registry.hardened.eu/library/openjdk17-jme-fips:latest
COPY --from=dev /home/hardenedeu/HelloWorld.class .
CMD ["java", "HelloWorld"]
EOL

Build and run the image:

docker build -t my-java-app .
docker run my-java-app

Expected output:

Hello Hardened B.V. users!

Verifying Image Signatures

All Hardened B.V. images are signed using cosign. You can verify the signature using the following steps:

Save the public key:

cat >hardened.pub <<EOL
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEbxhUFlXkIIbDzdRAR9rc6kDPNb+k
J48lhqqlOMyiq3jkbKXNj2sEFMduFlNh63MrZA59PKf4TjS1AiCrvaFXNA==
-----END PUBLIC KEY-----
EOL

Verify the image signature:

cosign verify --key hardened.pub registry.hardened.eu/library/openjdk17-jme-fips:latest

The verification will show the signature details and confirm the image’s authenticity.

To verify the SBOM, run the following command:

cosign verify-attestation --type spdxjson --key hardened.pub registry.hardened.eu/library/openjdk17-jme-fips:latest

To download the SBOM, run the same command and decode it:

cosign verify-attestation --type spdxjson --key hardened.pub registry.hardened.eu/library/openjdk17-jme-fips:latest | jq -r .payload | base64 -d | jq -r .predicate > openjdk17-jme-fips-spdx.json

Trademarks

This software is packaged by Hardened B.V. All trademarks are property of their respective owners. Use of these images does not imply any affiliation or endorsement.

The latest tag is only public. Contact us for detailed information.

Hash	Tag	Size (compressed)	Last updated	Actions
sha256:cff54f2e38cfc...	latest x86_64	33.55 MB	14:06:29 19/08/2025 UTC (Calculating...)
••••••••••••	••••••••••••	••••••••••••	••••••••••••	Contact Hardened

Showing 13 packages

Package	Version	License
alpine-os-release	3.22-r2	MIT
bc-fips	2.1.0	-
bcpkix-fips	2.1.9	-
bctls-fips	2.1.20	-
bcutil-fips	2.1.4	-
bouncycastle-fja	2.1.0.0-r0	MIT
jrt-fs	17.0.15	-
libcrypto3	3.5.2-r0	Apache-2.0
libssl3	3.5.2-r0	Apache-2.0
musl	1.2.5-r10	MIT
openjdk17-jme	17.0.15.6.0-r0	GPL-2.0-with-classpath-exception
openssl	3.5.2-r0	Apache-2.0
openssl-fips-provider	3.1.2-r0	Apache-2.0

	CVE	Severity	Package	Version	Fixed In
	GHSA-jfcv-jv9g-2vx2	Medium	bc-fips	2.1.0	2.1.1
Bouncy Castle for Java has Uncontrolled Resource Consumption Vulnerability CVE: GHSA-jfcv-jv9g-2vx2 Package: bc-fips Version: 2.1.0 Severity: MEDIUM Fixed In: 2.1.1
	GHSA-g6rx-6wfx-gj74	Low	bc-fips	2.1.0	2.1.1
Bouncy Castle for Java has Out-of-Bounds Write Vulnerability CVE: GHSA-g6rx-6wfx-gj74 Package: bc-fips Version: 2.1.0 Severity: LOW Fixed In: 2.1.1
	GHSA-v6cf-mv9h-c8mc	Low	bc-fips	2.1.0	2.1.1
Bouncy Castle for Java Uncontrolled Resource Consumption Vulnerability CVE: GHSA-v6cf-mv9h-c8mc Package: bc-fips Version: 2.1.0 Severity: LOW Fixed In: 2.1.1

openjdk17-jme-fips

APACHE-2.0 (permissive)

GPL-2.0 (strong-copyleft)

MIT (permissive)

Compare Images