What are Docker Scratch Based Images?
Last Updated :
23 Jul, 2025
Docker scratch-based images refer to images that are built from the scratch base, which is the most minimal base image available in Docker. The scratch image is essentially an empty image, meaning it contains no files or pre-installed libraries, making it a blank slate for building Docker containers.
What is Docker Scratch Based Image ?
A scratch-based image in Docker is like starting from absolute zero. It’s an empty, minimal base image with nothing pre-installed—no operating system, utilities, or libraries. This gives developers complete control over what goes into the container, allowing them to build extremely lightweight, tailored Docker images.
Why Use Scratch-based Images
- Super Lightweight: Since
scratch
starts with nothing, the resulting images are incredibly small, often just a few megabytes or less. This makes them perfect for quick downloads, faster container startups, and reduced storage costs. - No Extras: With a scratch-based image, you only add exactly what’s necessary for your application to run—whether it’s a single binary, custom dependencies, or specific configurations. There are no unnecessary files or utilities bloating the image.
- More Secure: Because the image is so minimal, the attack surface is dramatically reduced. There are fewer components that could have vulnerabilities, making it a more secure choice for production environments.
Where Scratch-based Images are Frequently Used
- Statically Compiled Applications: Scratch-based images are popular for languages like Go or C/C++, where the application is compiled into a self-contained binary. These applications don’t need system libraries or runtime environments, making them a perfect match for scratch images.
- Microservices and Containers in Production: In production environments, especially for microservices, scratch-based images help keep deployments lean and fast. They’re used to create efficient containers where performance, security, and resource savings are critical.
- Optimized Containers: Scratch images are also used in situations where developers want to ship only the bare minimum—no package managers, no shells, no system utilities—just the application itself. This is ideal for small, optimized container environments.
Step-by-Step Guide to Build a Scratch-Based Docker Image
Step 1: Create Your Application (Go Example)
First, you’ll write a simple application to include in the Docker image. We’ll use Go for this example, as it can produce a statically compiled binary that doesn’t require external libraries.
In your project directory, create a file named main.go
with the following code:
package main
import "fmt"
func main() {
fmt.Println("Hello, World!")
}
Step 2: Build the Statically Compiled Binary
To make the Go program work in the scratch
Docker image, we need to build a statically compiled binary.
Run the following command in your terminal:
GOOS=linux GOARCH=amd64 go build -o app
- Output File: This command will create a binary file called
app
in your current directory. This binary will be self-contained and run in the minimal scratch environment.
The GOOS=linux
flag ensures the binary is compiled for Linux (since Docker runs on Linux by default), and GOARCH=amd64
specifies the architecture. The -o app
option specifies that the output binary will be named app
.
Step 3: Create a Dockerfile
The Dockerfile tells Docker how to build the image. In this case, we will use the scratch
image as the base and add the statically compiled binary to the container.
In the same project directory, create a file called Dockerfile
with the following content:
# Start from scratch (minimal base image)
FROM scratch
# Add a label (optional, for metadata)
LABEL maintainer="[email protected]"
# Copy the statically compiled binary to the root of the container
COPY app /app
# Define the command to run when the container starts
CMD ["/app"]
Explanation:
FROM scratch
: This specifies that we’re starting with the empty scratch
image.LABEL maintainer
: Optional metadata for tracking the author or maintainer of the image.COPY app /app
: This copies the binary app
from the build context (your local directory) into the container's root directory.CMD ["/app"]
: This defines the default command that will run when the container starts (our app
binary).
Step 4: Build the Docker Image
Now that you have the Dockerfile
and the binary (app
), you can build the Docker image.
Run this command in the directory containing the Dockerfile
and the binary:
docker build -t hello-world-scratch .
-t hello-world-scratch
: This assigns the tag hello-world-scratch
to the image, which you’ll use to refer to the image..
: This tells Docker to look in the current directory for the Dockerfile
.
Step 5: Run the Docker Container
Now that the image is built, you can run the container to see your program in action.
Run this command to start the container:
docker run --rm hello-world-scratch
- The
--rm
flag ensures that the container is removed after it runs, so it doesn’t take up space. hello-world-scratch
is the name of the image you built earlier.
Step 6: Verify the Size of the Image
One of the main benefits of using scratch
is the minimal size of the image.
To check the size of your image, run:
docker images hello-world-scratch
Conclusion
Creating a scratch-based Docker image allows you to build highly optimized and minimal containers that only include what’s essential for your application. These types of images are perfect for statically compiled binaries, like those created with Go or C, where you don’t need any external dependencies. The key benefits of using scratch-based images are their small size, improved security, and faster deployments. By following the step-by-step guide, you can easily build your own scratch-based Docker images, ensuring that your applications are both lightweight and efficient. This approach is particularly useful for microservices and production environments where performance and security are top priorities.
Similar Reads
DevOps Tutorial DevOps is a combination of two words: "Development" and "Operations." Itâs a modern approach where software developers and software operations teams work together throughout the entire software life cycle.The goals of DevOps are:Faster and continuous software releases.Reduces manual errors through a
7 min read
Introduction
What is DevOps ?DevOps is a modern way of working in software development in which the development team (who writes the code and builds the software) and the operations team (which sets up, runs, and manages the software) work together as a single team.Before DevOps, the development and operations teams worked sepa
10 min read
DevOps LifecycleThe DevOps lifecycle is a structured approach that integrates development (Dev) and operations (Ops) teams to streamline software delivery. It focuses on collaboration, automation, and continuous feedback across key phases planning, coding, building, testing, releasing, deploying, operating, and mon
10 min read
The Evolution of DevOps - 3 Major Trends for FutureDevOps is a software engineering culture and practice that aims to unify software development and operations. It is an approach to software development that emphasizes collaboration, communication, and integration between software developers and IT operations. DevOps has come a long way since its in
7 min read
Version Control
Continuous Integration (CI) & Continuous Deployment (CD)
Containerization
Orchestration
Infrastructure as Code (IaC)
Monitoring and Logging
Microsoft Teams vs Slack Both Microsoft Teams and Slack are the communication channels used by organizations to communicate with their employees. Microsoft Teams was developed in 2017 whereas Slack was created in 2013. Microsoft Teams is mainly used in large organizations and is integrated with Office 365 enhancing the feat
4 min read
Security in DevOps