SLE BCI Documentation
GitHubToggle Dark/Light/Auto modeToggle Dark/Light/Auto modeToggle Dark/Light/Auto modeBack to homepage
Edit page

Introduction to SLE Base Container Images

SLE Base Container Image (SLE BCI) are minimal SUSE Linux Enterprise Server 15-based images that you can use to develop, deploy, and share applications. There are two types of SLE BCI:

  • General-purpose SLE BCI can be used for building custom container images and for deploying applications.

  • Language stack SLE BCI provide environments for developing and deploying applications in specific programming languages.

In addition to that, we will provide Application Container Images based on SLE BCI featuring popular containerized applications like Nginx, PostgreSQL, MariaDB and RMT.


  • SLE BCI are fully compatible with SUSE Linux Enterprise Server, but they do not require a subscription to run and distribute them.

  • SLE BCI automatically run in FIPS-compatible mode when the host operating system is running in FIPS mode.

  • Each SLE BCI includes the RPM database, which makes it possible to audit the contents of the container image. You can use the RPM database to determine the specific version of the RPM package any given file belongs to. This allows you to ensure that a container image is not susceptible to known and already fixed vulnerabilities.

  • All SLE BCI (except for those without zypper) come with the container-suseconnect service. This gives containers that run on a registered SLES host access to the full SLES repositories. container-suseconnect is invoked automatically when you run zypper for the first time, and the service adds the correct SLES repositories into the running container. On an unregistered SLES host or on a non-SLES host, the service does nothing.

General-purpose SLE BCI

There are four general purpose SLE BCI, and each container image comes with a minimum set of packages to keep its size low. You can use a general purpose SLE BCI either as a starting point for building custom container images, or as a platform for deploying specific software. For more information about general purpose SLE BCI, see here.

Language stack SLE BCI

Language stack SLE BCI are built on top of the BCI-Base general-purpose SLE BCI. Each container image comes with the zypper stack and the free SLE_BCI repository. Additionally, each image includes most common tools for building and deploying applications in the specific language environment. This includes tools like a compiler or interpreter as well as the language specific package manager. For more information about language stack SLE BCI, see here.

Important note on status and lifecycle

All container images, except for bci-base, are currently classified as tech preview, and SUSE doesn’t provide official support for them. This information is visible on the web on In addition to that, it is also indicated via the com.suse.supportlevel label whether a container image still has the tech preview status. You can use the skopeo and jq utilities to check the status of the desired SLE BCI as follows:

❯ skopeo inspect docker:// | jq '.Labels["com.suse.supportlevel"]'

❯ skopeo inspect docker:// | jq '.Labels["com.suse.supportlevel"]'

In the example above, the com.suse.supportlevel label is set to techpreview in the bci-micro container image, indicating that the image still has the tech preview status. The bci-base container image on the other hand is fully l3 supported. Unlike like the general purpose SLE BCI, the language stack SLE BCI may not follow the lifecycle of the SLE distribution: they are supported as long as the respective language stack receives support. In other words, new versions of SLE BCI (indicated by the OCI tags) may be released during the lifecycle of a SLE Service Pack, while older versions may become unsupported. Refer to to find out whether the container in question is still under support.

Getting started

The SLE BCI are available as OCI-compatible container images directly from and can be used like any other container image. For example, using one of the general purpose containers:

❯ docker run --rm -it grep '^NAME' /etc/os-release
❯ podman run --rm -it grep '^NAME' /etc/os-release
❯ nerdctl run --rm -it grep '^NAME' /etc/os-release

Alternatively, you can use SLE BCI in a Dockerfile as follows:

RUN zypper -n in python3 && \
    echo "Hello Green World!" > index.html
ENTRYPOINT ["/usr/bin/python3", "-m", "http.server"]

You can then build container images using your favorite container runtime:

❯ docker build .
Sending build context to Docker daemon  2.048kB
Step 1/4 : FROM
 ---> e34487b4c4e1
Step 2/4 : RUN zypper -n in python3 &&     echo "Hello Green World!" > index.html
 ---> Using cache
 ---> 9b527dfa45e8
Step 3/4 : ENTRYPOINT ["/usr/bin/python3", "-m", "http.server"]
 ---> Using cache
 ---> 953080e91e1e
Step 4/4 : EXPOSE 8000
 ---> Using cache
 ---> 48b33ec590a6
Successfully built 48b33ec590a6

❯ docker run -p 8000:8000 --rm -d 48b33ec590a6

❯ curl localhost:8000
Hello Green World!
❯ buildah bud --layers .
STEP 2/4: RUN zypper -n in python3 &&     echo "Hello Green World!" > index.html
--> Using cache 8541a01ef66f1e43f850d30d756628fe301ae0ffe09dd3918d7e64d6e1788a3a
--> 8541a01ef66
STEP 3/4: ENTRYPOINT ["/usr/bin/python3", "-m", "http.server"]
--> Using cache 61cccdaa38aab5a44b0ef24935f4aa671f3231b611e0fa45c32ce869da6f9461
--> 61cccdaa38a
STEP 4/4: EXPOSE 8000
--> Using cache 3e93a763b2d0a56ffe70429ca05a110288a868b46b92f47c1609a1129d058383
--> 3e93a763b2d

❯ podman run --rm -d -p 8000:8000 3e93a763b2d0a56ffe70429ca05a110288a868b46b92f47c1609a1129d058383

❯ curl localhost:8000

Hello Green World!