# glibc and musl support in Docker Hardened Images


Docker Hardened Images (DHI) are built to prioritize security without
sacrificing compatibility with the broader open source and enterprise software
ecosystem. A key aspect of this compatibility is support for common Linux
standard libraries: `glibc` and `musl`.

## What are glibc and musl?

When you run Linux-based containers, the image's C library plays a key role in
how applications interact with the operating system. Most modern Linux
distributions rely on one of the following standard C libraries:

- `glibc` (GNU C Library): The standard C library on mainstream distributions
  like Debian, Ubuntu, and Red Hat Enterprise Linux. It is widely supported and
  typically considered the most compatible option across languages, frameworks,
  and enterprise software.

- `musl`: A lightweight alternative to `glibc`, commonly used in minimal
  distributions like Alpine Linux. While it offers smaller image sizes and
  performance benefits, `musl` is not always fully compatible with software that
  expects `glibc`.

## DHI compatibility

DHI images are available in both `glibc`-based (e.g., Debian) and `musl`-based
(e.g., Alpine) variants. For enterprise applications and language runtimes where
compatibility is critical, we recommend using DHI images based on glibc.

## What to choose, glibc or musl?

Docker Hardened Images are available in both glibc-based (Debian) and musl-based
(Alpine) variants, allowing you to choose the best fit for your workload.

Choose Debian-based (`glibc`) images if:

- You need broad compatibility with enterprise workloads, language runtimes, or
  proprietary software.
- You're using ecosystems like .NET, Java, or Python with native extensions that
  depend on `glibc`.
- You want to minimize the risk of runtime errors due to library
  incompatibilities.

Choose Alpine-based (`musl`) images if:

- You want a minimal footprint with smaller image sizes and reduced surface
  area.
- You're building a custom or tightly controlled application stack where
  dependencies are known and tested.
- You prioritize startup speed and lean deployments over maximum compatibility.

If you're unsure, start with a Debian-based image to ensure compatibility, and
evaluate Alpine once you're confident in your application's dependencies.