Skip to content

SCONE Curated Images

We provide a set of curated SCONE container images on a (partially private) repositories on Docker hub:

Private images:1

Image Name Description a container image with all the SCONE crosscompilers. a container image that can run dynamically linked applications inside of an enclave. a container image including a python interpreter running inside of an enclave. a container image including a python interpreter running inside of an enclave. MongoDB container image. Vault 0.8.1 container image. Memcached container image. a container image for node running inside an enclave. a container image for nginx running inside an enclave. a container image for Java applications running inside an enclave.

Please send us an email if you need a curated image of another application or a different/newer version of an application. Most of the time, we will be able to provide you an image on short notice.

Login in

Access to some SCONE images is restricted. First, register a free account on Second, log into to our Scontain registry via:

docker login

before you will be able to pull any of the private curated images.

Scone Compilers

To run a local copy of the SCONE (cross-)compilers, just pull the appropriate image on your computer.

Dynamically-Linked Binaries

Even if you have no SGX CPU extension / no SGX driver installed on your computer, you can use a standard gcc compiler - as long as the requirements mentioned in SGX ToolChain are satisfied.

docker pull

Note that the binaries generated with the above image are just native binaries, i.e., they run outside of enclaves. To be able to run the binary inside of an enclave, you need to have installed the SCONE runtime library.

To run a dynamically-linked binary, one needs a special runtime environment. We provide this in form of a (private) container image:

docker pull

Statically-Linked Binaries

To generate statically-linked secure binaries you need a cross compiler. You can pull this image from Docker hub (you need to be granted access rights for that):

docker pull

Scone Hello World

You can pull the following (private) image. This image only runs in hardware mode:

docker pull

You can run on the standard Docker engine - if you have the SGX driver installed. We determine which SGX device to mount with function determine_sgx_device.

> docker run $MOUNT_SGXDEVICE
Hello World

If you do not have the SGX driver installed, you get an error message:

> docker run $MOUNT_SGXDEVICE
docker: Error response from daemon: linux runtime spec devices: error gathering device information while adding custom device "/dev/isgx": no such file or directory.

In this case, install the SGX driver. This installation will fail in case you disabled SGX in the BIOS or your CPU is not SGX-enabled.



  1. Just register a free account on