buildah is a open source tool which can be used to build OCI compliant container images without using docker engine. It can also be run in a rootless mode, thereby reducing the attack surface area and also inside a container image itself.
You can use buildah
to built container images from existing container images, from Dockerfiles and from scratch (read empty images) as well. OCI images built using buildah
are portable and can be run on different hosts as well with different container engines such as CRI-O, Podman, Docker Engine, etc.