jekyll
4.4.1-alpineJekyll runtime with native build deps pre-installed. Multi-version retention tracks Jekyll upstream daily.
Trust posture
VERIFIABLE TRUST ARTIFACTS
Provenance
- Build commit
ed67d41- Build digest
-
sha256:44adac36835a8623b78fd2c7dc329de29416ab1146cd3203eafdda3d2456760e - Index digest
-
sha256:d3f2b82aa948787c08637b2a06494b7607f92928bc084094388c58ba251093a7 - Manifest digest (amd64)
-
sha256:37a425e400bf68edf4b256e2734db70d858e1f826788d9854a68e589975f8923 - Manifest digest (arm64)
-
sha256:3dfcc3ffb46a9fca8950476bd3a7bac243b61a858e48b94dab9e8988f08febd1 - SBOM attestation
-
34817633โฆ - Trivy last scan
- 2026-07-10 20:42 UTC
- Base image
- Verify
gh attestation verify oci://ghcr.io/oorabona/jekyll:4.4.1-alpine --owner oorabonaguide โ
Security scan results
Trivy ยท last scan 2026-07-10
Top advisories (upstream, advisory)
- CVE-2026-47242 (WARNING) โ net-imap-0.4.21.gemspec โ Net::IMAP implements Internet Message Access Protocol (IMAP) client fu ...
- CVE-2026-47241 (NOTE) โ net-imap-0.4.21.gemspec โ net-imap: rubygem-net-imap: Net::IMAP: Denial of Service via malformed command input
- CVE-2026-47240 (WARNING) โ net-imap-0.4.21.gemspec โ Net::IMAP implements Internet Message Access Protocol (IMAP) client fu ...
- CVE-2026-42245 (ERROR) โ net-imap-0.4.21.gemspec โ ruby: net-imap: Net::IMAP: Denial of Service via crafted IMAP responses
- CVE-2026-42258 (WARNING) โ net-imap-0.4.21.gemspec โ ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments
โ Full report via gh api โ see Verify Images.
Explore
Build lineagesha256:
Package summary n/a โ runtime parsed
Recent changes n/a โ runtime parsed
Build history n/a โ runtime fetched
Dependency health all up to date
Dependency Health
all up to dateUp-to-date dependencies
Documentation
README
Jekyll
Lightweight Alpine-based container for building and serving Jekyll static sites with live reload support.
Verify this image
Every build ships a Sigstore-signed SBOM and a full Trivy scan โ verify them yourself, no login required:
gh attestation verify oci://ghcr.io/oorabona/jekyll:latest --owner oorabona
Full walkthrough (SBOM payload, Trivy findings, multi-arch manifest inspection, upstream dependency tracking) โ https://oorabona.github.io/docker-containers/verify-images/
Quick Start
Docker Run
# Serve a site with live reload
docker run --rm -it \
-v "$(pwd):/site" \
-p 4000:4000 \
-p 35729:35729 \
ghcr.io/oorabona/jekyll:latest
# Build only (no server)
docker run --rm \
-v "$(pwd):/site" \
ghcr.io/oorabona/jekyll:latest \
build
# Build to custom destination
docker run --rm \
-v "$(pwd):/site" \
ghcr.io/oorabona/jekyll:latest \
build --destination /site/public
Docker Compose
services:
jekyll:
image: ghcr.io/oorabona/jekyll:latest
ports:
- "4000:4000"
- "35729:35729"
volumes:
- ./site:/site
command: ["serve", "--host", "0.0.0.0", "--livereload", "--force_polling"]
Then run:
docker compose up
Site available at: http://localhost:4000
Features
- Ruby 3.3 on Alpine Linux (minimal footprint)
- Jekyll 4.4.1 with live reload
- Bundler for dependency management
- Node.js for JavaScript processing
- Pre-installed plugins:
jekyll-feed- RSS/Atom feed generationjekyll-seo-tag- SEO optimization meta tagsjekyll-sitemap- XML sitemap generation
- WebRick server included
- Git support for themes and plugins
Build Arguments
All dependency versions are pinned for reproducible builds:
| Argument | Default | Description |
|---|---|---|
RUBY_VERSION |
3.3 |
Ruby major version |
ALPINE_VERSION |
3.21 |
Alpine Linux version |
JEKYLL_VERSION |
4.4.1 |
Jekyll core version |
BUNDLER_VERSION |
4.0.6 |
Bundler dependency manager |
WEBRICK_VERSION |
1.9.2 |
WebRick HTTP server |
JEKYLL_FEED_VERSION |
0.17.0 |
RSS/Atom feed plugin |
JEKYLL_SEO_TAG_VERSION |
2.8.0 |
SEO meta tags plugin |
JEKYLL_SITEMAP_VERSION |
1.4.0 |
Sitemap generation plugin |
Ports
| Port | Purpose |
|---|---|
4000 |
Jekyll development server |
35729 |
LiveReload websocket |
Volumes
Mount your Jekyll site directory to /site:
-v "$(pwd):/site"
Directory Structure
your-site/
โโโ _config.yml # Jekyll configuration
โโโ _posts/ # Blog posts
โโโ _layouts/ # HTML templates
โโโ _includes/ # Reusable components
โโโ assets/ # CSS, JS, images
โโโ Gemfile # Additional gem dependencies
โโโ _site/ # Generated output (auto-created)
Using a Gemfile
If your site requires additional gems, create a Gemfile:
source 'https://rubygems.org'
gem 'jekyll', '~> 4.4'
gem 'jekyll-theme-minimal'
gem 'jekyll-paginate'
The container will automatically run bundle install if it detects a Gemfile.
Security
Volume Permissions
The container runs as root by default for volume mount compatibility. For production deployments:
# Run as specific user (match host UID)
docker run --user $(id -u):$(id -g) \
-v "$(pwd):/site" \
ghcr.io/oorabona/jekyll:latest build
Production Deployment
For serving Jekyll sites in production:
- Build static files locally:
docker run --rm -v "$(pwd):/site" ghcr.io/oorabona/jekyll:latest build - Serve with a dedicated web server:
Use nginx, Apache, or a CDN to serve the
_site/directory. The Jekyll container is intended for development only.
Network Security
- Bind to
127.0.0.1for local-only access:-p 127.0.0.1:4000:4000 - Never expose port
4000to the public internet - Use environment-specific
_config.ymlfiles to prevent sensitive data leaks
Dependencies
All Ruby gem versions are pinned and monitored for updates:
| Gem | Version | Purpose |
|---|---|---|
| bundler | 4.0.6 | Dependency management |
| webrick | 1.9.2 | HTTP server |
| jekyll-feed | 0.17.0 | RSS/Atom feed generation |
| jekyll-seo-tag | 2.8.0 | SEO meta tags |
| jekyll-sitemap | 1.4.0 | XML sitemap generation |
Adding Custom Dependencies
Use a Gemfile in your site directory to add gems not included in the image:
# Gemfile
source 'https://rubygems.org'
gem 'jekyll', '~> 4.4'
gem 'jekyll-theme-cayman'
gem 'jekyll-redirect-from'
gem 'jemoji'
The container will install these automatically on startup.
Architecture
jekyll/
โโโ Dockerfile # Alpine-based build
โโโ config.yaml # Dependency versions
โโโ version.sh # Upstream version checker
โโโ docker-compose.yml # Local development setup
โโโ README.md # This file
Build Process
The Dockerfile uses a single-stage build:
- Start from
ruby:{RUBY_VERSION}-alpine{ALPINE_VERSION} - Install build dependencies (build-base, git, nodejs)
- Install Jekyll and plugins at pinned versions
- Remove build dependencies to reduce image size
- Set working directory to
/site - Configure default command:
serve --host 0.0.0.0 --livereload
Building Locally
# Build with default versions
./make build jekyll
# Build with specific Jekyll version
./make build jekyll 4.4.1
# Build with custom arguments
docker build \
--build-arg JEKYLL_VERSION=4.4.0 \
--build-arg RUBY_VERSION=3.2 \
-t jekyll:custom .
Version Management
# Check current version
cd jekyll && ./version.sh
# Check latest upstream version
cd jekyll && ./version.sh latest
# JSON output for automation
cd jekyll && ./version.sh --json
Links
- Jekyll Documentation: https://jekyllrb.com/docs/
- Docker Hub: https://hub.docker.com/r/oorabona/jekyll
- GitHub Container Registry: https://ghcr.io/oorabona/jekyll
- Source Repository: https://github.com/oorabona/docker-containers
- Issue Tracker: https://github.com/oorabona/docker-containers/issues