Categories: RELEASE

Agent Runtime Docker Image Release Strategy

Overview

Step Agent runtime Docker images provide the execution environment for running Agents. These images are separate from the Step Controller and Agent images and are released independently of Step platform releases.

Official Agent Runtime Images

Step provides two types of official agent runtime images from docker.exense.ch/step-enterprise:

1. Basic Agent Runtime Image

A lightweight image containing:

  • Java runtime (Java 21 or Java 25 — see below)
  • OS: debian-12-slim
  • Chromium browser
  • ChromeDriver
  • Ghostscript

This image is suitable for basic browser automation and Java / Dotnet / Nodejs based keywords.

Java version Image name
Java 21 docker.exense.ch/step-enterprise/agent/runtime:latest
Java 25 docker.exense.ch/step-enterprise/agent/runtime-java-25:latest

2. Full Browser Agent Runtime Image

A comprehensive image extending the base one, with the additional content listed below:

  • Official browsers (Chromium, Google-Chrome, Mozilla Firefox and Microsoft Edge)
  • Corresponding WebDrivers (ChromeDriver, GeckoDriver, EdgeDriver)

This image provides support for multiple official browsers, their drivers, and common Step plugin dependencies.

Java version Image name
Java 21 docker.exense.ch/step-enterprise/agent/runtime-extended:latest
Java 25 docker.exense.ch/step-enterprise/agent/runtime-extended-java-25:latest

Independent Release Cycle

Agent runtime images are released independently from the Step platform. This means:

  • Browser and driver updates can be deployed without waiting for a Step release
  • Security patches for browsers can be applied without notice
  • Image versions are not tied to Step platform versions

Image Tagging Strategy

Agent runtime images use their own versioning scheme independent of Step platform versions.

Current Image Names

# Base image — Java 21
docker.exense.ch/step-enterprise/agent/runtime:1.0.2

# Base image — Java 25
docker.exense.ch/step-enterprise/agent/runtime-java-25:1.0.2

# Extended image (all browsers) — Java 21
docker.exense.ch/step-enterprise/agent/runtime-extended:1.0.2

# Extended image (all browsers) — Java 25
docker.exense.ch/step-enterprise/agent/runtime-extended-java-25:1.0.2

For the full list of available versions, see Agent Runtime Images.

Custom Agent Images

A key feature of Step’s agent architecture is the ability to create custom agent images. Starting with Helm Chart 1.2.0, agents use a binaries copy mode, which allows you to:

  • Use custom base Docker images
  • Include additional tools and dependencies
  • Configure specific runtime environments

Choosing the Right Image

When to Use the Basic Image

  • Lightweight deployments
  • Chromium browser is sufficient for your testing needs
  • Faster pull and startup times

When to Use the Full Browser Image

  • Need to test across multiple browsers (Chrome, Firefox, Edge)
  • Official browser compatibility testing
  • Cross-browser automation requirements

When to Use Java 25 Instead of Java 21

Both the basic and extended images are available with either Java 21 or Java 25. Choose Java 25 when:

  • Your keyword code requires Java 25 language features or APIs
  • You want to align the agent runtime with a Step component image built with Java 25 (available from Step 30 / 3.30.0+)
  • Your organisation standardises on Java 25

Java 21 remains the default and is recommended unless you have a specific need for Java 25.

When to Use Your Own Custom Image

You may want to create your own custom agent image when:

  • You need specific tools or libraries not included in the official images
  • You have proprietary dependencies or custom automation frameworks
  • You need a different base OS or specific OS configurations
  • You want to pre-install custom browser extensions or configurations
  • Your testing requires specialized software packages
  • You need to comply with specific security or compliance requirements
  • You want to optimize image size for your specific use case

For details on creating custom agent images, see Creating Custom Agent Images.

Image Updates and Release Schedule

Agent runtime images are updated independently of Step platform releases:

Regular Updates

Runtime images (both base and browsers images) follow a scheduled release cadence:

  • Twice per year: Major updates including functionality improvements and browser updates
    • Typically released in Q2 (April-June) and Q4 (October-December)
  • Updates include the latest browser versions, driver updates, and security patches

Vulnerability Management

Agent runtime images follow a proactive security vulnerability management process:

Vulnerability Scanning

  • Internal scanning: Performed weekly to identify potential security issues
  • Public documentation: Vulnerability status communicated accordingly

Response Process

When a high or critical vulnerability is discovered:

  1. Assessment: Vulnerability is evaluated and prioritized
  2. Fix delivery: If the vulnerability is fixable, a new image with the fix is delivered within 14 days
  3. Release strategy: Follows the same critical security response strategy as the Step platform

This process ensures that security issues are addressed promptly while maintaining image stability.

See Also