marklogic · vitalykorolev · Feb 26, 2026 · Feb 26, 2026 · Feb 27, 2026
diff --git a/Jenkinsfile b/Jenkinsfile
diff --git a/Makefile b/Makefile
@@ -1,8 +1,8 @@
-# Copyright © 2018-2025 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.
+# Copyright © 2018-2026 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.
 dockerTag?=internal
 package?=MarkLogic.rpm
 repo_dir=marklogic
-docker_build_options=--compress --platform linux/amd64
+docker_build_options=--compress
 build_branch?=local
 docker_image_type?=ubi
 upgrade_docker_image_type?=ubi
@@ -11,13 +11,31 @@ current_image?=${repo_dir}/marklogic-server-${docker_image_type}:${dockerTag}
 # Latest release tag can be found here: https://github.com/ComplianceAsCode/content/releases
 open_scap_version?=0.1.79
 
+#***************************************************************************
+# set docker platform based on the docker image type
+#***************************************************************************
+ifeq ($(findstring arm,$(docker_image_type)),arm)
+	docker_build_options += --platform linux/arm64
+	export DOCKER_PLATFORM=linux/arm64
+else
+	docker_build_options += --platform linux/amd64
+	export DOCKER_PLATFORM=linux/amd64
+endif
+
 #***************************************************************************
 # build docker image
 #***************************************************************************
 build:
 # NOTICE file need to be in the build context to be included in the built image
 	cp NOTICE.txt src/NOTICE.txt
 
+# Install ARM64 emulation support on Linux (assuming Jenkins environment which is not aarch64)
+ifeq ($(findstring arm,$(docker_image_type)),arm)
+ifeq ($(shell uname -s),Linux)
+	docker run --privileged --rm tonistiigi/binfmt --install arm64
+endif
+endif
+
 # rootless images use the same dependencies as ubi image so we copy the file
 ifeq ($(docker_image_type),ubi9)
 	cp dockerFiles/marklogic-server-ubi\:base dockerFiles/marklogic-server-ubi9\:base
@@ -27,10 +45,15 @@ ifeq ($(findstring rootless,$(docker_image_type)),rootless)
 	cp dockerFiles/marklogic-deps-ubi9\:base dockerFiles/marklogic-deps-ubi9-rootless\:base
 	cp dockerFiles/marklogic-server-ubi-rootless\:base dockerFiles/marklogic-server-ubi9-rootless\:base
 endif
+# ubi9-rootless-arm needs deps from ubi9-arm and server template from ubi-rootless
+ifeq ($(docker_image_type),ubi9-rootless-arm)
+	cp dockerFiles/marklogic-deps-ubi9-arm\:base dockerFiles/marklogic-deps-ubi9-rootless-arm\:base
+	cp dockerFiles/marklogic-server-ubi-rootless\:base dockerFiles/marklogic-server-ubi9-rootless-arm\:base
+endif
 
 # retrieve and copy open scap hardening script
 ifeq ($(findstring rootless,$(docker_image_type)),rootless)
-	[ -f scap-security-guide-${open_scap_version}.zip ] || curl -Lo scap-security-guide-${open_scap_version}.zip https://github.com/ComplianceAsCode/content/releases/download/v${open_scap_version}/scap-security-guide-${open_scap_version}.zip
+	[ -f scap-security-guide-${open_scap_version}.zip ] || curl -Lso scap-security-guide-${open_scap_version}.zip https://github.com/ComplianceAsCode/content/releases/download/v${open_scap_version}/scap-security-guide-${open_scap_version}.zip
 #UBI9 needs a different version of the remediation script
 ifeq ($(findstring ubi9,$(docker_image_type)),ubi9)
 	unzip -p scap-security-guide-${open_scap_version}.zip scap-security-guide-${open_scap_version}/bash/rhel9-script-cis.sh > src/rhel-script-cis.sh
@@ -45,7 +68,7 @@ endif
 	cd src/; docker build ${docker_build_options} -t "${repo_dir}/marklogic-server-${docker_image_type}:${dockerTag}" --build-arg BASE_IMAGE=${repo_dir}/marklogic-deps-${docker_image_type}:${dockerTag} --build-arg ML_RPM=${package} --build-arg ML_USER=marklogic_user --build-arg ML_DOCKER_VERSION=${dockerVersion} --build-arg ML_VERSION=${marklogicVersion} --build-arg ML_CONVERTERS=${converters} --build-arg BUILD_BRANCH=${build_branch} --build-arg ML_DOCKER_TYPE=${docker_image_type} -f ../dockerFiles/marklogic-server-${docker_image_type}:base .
 
 # remove temporary files
-	rm -f dockerFiles/marklogic-deps-ubi-rootless\:base dockerFiles/marklogic-deps-ubi9-rootless\:base dockerFiles/marklogic-server-ubi9-rootless\:base dockerFiles/marklogic-server-ubi9\:base src/NOTICE.txt src/rhel-script-cis.sh
+	rm -f dockerFiles/marklogic-deps-ubi-rootless\:base dockerFiles/marklogic-deps-ubi9-rootless\:base dockerFiles/marklogic-server-ubi9-rootless\:base dockerFiles/marklogic-server-ubi9\:base dockerFiles/marklogic-deps-ubi9-rootless-arm\:base dockerFiles/marklogic-server-ubi9-rootless-arm\:base src/NOTICE.txt src/rhel-script-cis.sh
 
 #***************************************************************************
 # strcture test docker images
@@ -133,15 +156,21 @@ endif
 # security scan docker images
 #***************************************************************************
 scap-scan:
+	# Clean up any existing scap-scan container from previous runs
+	docker rm -f scap-scan 2>/dev/null || true
 	mkdir -p scap
-	[ -f scap-security-guide-${open_scap_version}.zip ] || curl -Lo scap-security-guide-${open_scap_version}.zip https://github.com/ComplianceAsCode/content/releases/download/v${open_scap_version}/scap-security-guide-${open_scap_version}.zip
+	[ -f scap-security-guide-${open_scap_version}.zip ] || curl -Lso scap-security-guide-${open_scap_version}.zip https://github.com/ComplianceAsCode/content/releases/download/v${open_scap_version}/scap-security-guide-${open_scap_version}.zip
 #UBI9 needs a different version of the evaluation profile
 ifeq ($(findstring ubi9,$(current_image)),ubi9)
 	unzip -p scap-security-guide-${open_scap_version}.zip scap-security-guide-${open_scap_version}/ssg-rhel9-ds.xml > scap/ssg-rhel-ds.xml
 else
 	unzip -p scap-security-guide-${open_scap_version}.zip scap-security-guide-${open_scap_version}/ssg-rhel8-ds.xml > scap/ssg-rhel-ds.xml
 endif
-	docker run -itd --name scap-scan -v $(PWD)/scap:/scap ${current_image}
+	docker run -itd --name scap-scan --entrypoint /bin/bash -v $(PWD)/scap:/scap ${current_image} -c "sleep infinity"
+	# Wait a moment for container to be fully up
+	sleep 2
+	# Verify container is running
+	docker ps | grep scap-scan || (docker logs scap-scan; exit 1)
 	docker exec -u root scap-scan /bin/bash -c "microdnf update -y; microdnf install -y openscap-scanner"
 	# ensure the file is owned by root in order to avoid permission issues
 	docker exec -u root scap-scan /bin/bash -c "chown root:root /scap/ssg-rhel-ds.xml"

diff --git a/NOTICE.txt b/NOTICE.txt
@@ -1,6 +1,6 @@
 MarkLogic® Docker Container Image v2
 
-Copyright © 2018-2025 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.
+Copyright © 2018-2026 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.
 
 This project is licensed under the Apache License, Version 2.0 (the "License"); you may not use this project except in compliance with the License. You may obtain a copy of the License at
 

diff --git a/dockerFiles/marklogic-deps-ubi9-arm:base b/dockerFiles/marklogic-deps-ubi9-arm:base
@@ -0,0 +1,29 @@
+###############################################################
+#
+#   Copyright © 2018-2026 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.
+#
+###############################################################
+
+FROM registry.access.redhat.com/ubi9/ubi-minimal:9.7-1771346502
+LABEL "com.marklogic.maintainer"="docker@marklogic.com"
+
+###############################################################
+# install libnsl rpm package
+###############################################################
+
+RUN microdnf -y update \
+    && rpm -i https://download.rockylinux.org/pub/rocky/9/BaseOS/aarch64/os/Packages/l/libnsl-2.34-231.el9_7.10.aarch64.rpm
+
+###############################################################
+# install networking, base deps and tzdata for timezone
+###############################################################
+# hadolint ignore=DL3006
+RUN echo "NETWORKING=yes" > /etc/sysconfig/network \
+    && microdnf -y install --setopt install_weak_deps=0 gdb nss libtool-ltdl cpio tzdata util-linux hostname \
+    && microdnf clean all
+
+
+###############################################################
+# Enable FIPS Mode
+###############################################################
+RUN update-crypto-policies --set FIPS
diff --git a/dockerFiles/marklogic-deps-ubi9:base b/dockerFiles/marklogic-deps-ubi9:base
@@ -1,10 +1,10 @@
 ###############################################################
 #
-#   Copyright © 2018-2025 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.
+#   Copyright © 2018-2026 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.
 #
 ###############################################################
 
-FROM registry.access.redhat.com/ubi9/ubi-minimal:9.7-1764794109
+FROM registry.access.redhat.com/ubi9/ubi-minimal:9.7-1771346502
 LABEL "com.marklogic.maintainer"="docker@marklogic.com"
 
 ###############################################################

diff --git a/dockerFiles/marklogic-deps-ubi:base b/dockerFiles/marklogic-deps-ubi:base
@@ -1,10 +1,10 @@
 ###############################################################
 #
-#   Copyright © 2018-2025 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.
+#   Copyright © 2018-2026 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.
 #
 ###############################################################
 
-FROM registry.access.redhat.com/ubi8/ubi-minimal:8.10-1765178706
+FROM registry.access.redhat.com/ubi8/ubi-minimal:8.10-1771947229
 LABEL "com.marklogic.maintainer"="docker@marklogic.com"
 
 # MarkLogic version passed from build to enable conditional deps

diff --git a/dockerFiles/marklogic-server-ubi-rootless:base b/dockerFiles/marklogic-server-ubi-rootless:base
@@ -59,9 +59,15 @@ RUN touch /etc/marklogic.conf \
 # Add TINI to serve as PID 1 process
 ###############################################################
 ENV TINI_VERSION=v0.19.0
-ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /tini
-RUN chown ${ML_USER}:users /tini \
-    && chmod +x /tini
+ARG ML_DOCKER_TYPE=ubi
+RUN if [ "${ML_DOCKER_TYPE}" = "ubi9-rootless-arm" ]; then \
+        TINI_BIN="tini-arm64"; \
+    else \
+        TINI_BIN="tini"; \
+    fi && \
+    curl -fsSL https://github.com/krallin/tini/releases/download/${TINI_VERSION}/${TINI_BIN} -o /tini && \
+    chown ${ML_USER}:users /tini && \
+    chmod +x /tini
 
 ###############################################################
 # second stage for flattening layers
@@ -149,7 +155,7 @@ RUN touch /.dockerenv \
 ###############################################################
 WORKDIR /
 COPY ${ML_CONVERTERS} /tmp/converters.rpm
-RUN chown ${ML_USER}:users /tmp/converters.rpm
+RUN if [ -s /tmp/converters.rpm ]; then chown ${ML_USER}:users /tmp/converters.rpm; else rm -f /tmp/converters.rpm; fi
 
 ###############################################################
 # Remove optional packages that have known vulnerabilities

diff --git a/dockerFiles/marklogic-server-ubi9-arm:base b/dockerFiles/marklogic-server-ubi9-arm:base
@@ -0,0 +1,151 @@
+###############################################################
+#
+#   Copyright © 2018-2026 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.
+#
+###############################################################
+
+ARG BASE_IMAGE=marklogic-ubi/marklogic-deps-ubi9-arm:11-internal
+FROM ${BASE_IMAGE} AS builder
+
+###############################################################
+# set build args
+###############################################################
+
+ARG ML_RPM=marklogic.rpm
+ARG ML_USER="marklogic_user"
+ARG ML_VERSION=11-internal
+ARG ML_CONVERTERS=marklogic.converters
+####################################################
+# inject init, start and clustering scripts
+###############################################################
+
+COPY scripts/start-marklogic.sh /usr/local/bin/start-marklogic.sh
+
+###############################################################
+# install MarkLogic server, sudo, and remove mlcmd packages
+###############################################################
+COPY ${ML_RPM} /tmp/marklogic-server.rpm
+RUN rpm -i /tmp/marklogic-server.rpm \
+    && rm /tmp/marklogic-server.rpm \
+    && microdnf -y install --setopt install_weak_deps=0 sudo \
+    && microdnf -y clean all \
+    && rm -rf ./opt/MarkLogic/mlcmd/lib/* \
+    && rm -rf ./opt/MarkLogic/mlcmd/ext/*
+
+###############################################################
+# Add TINI to serve as PID 1 process
+###############################################################
+ENV TINI_VERSION=v0.19.0
+ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini-arm64 /tini
+RUN chmod +x /tini
+
+###############################################################
+# Copy converters package 
+###############################################################
+WORKDIR /
+COPY ${ML_CONVERTERS} converters.rpm
+###############################################################
+# create system user
+###############################################################
+
+RUN adduser --gid users --uid 1000 ${ML_USER} \
+    && echo ${ML_USER}" ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
+
+###############################################################
+# second stage for flattening layers
+###############################################################
+FROM ${BASE_IMAGE}
+
+COPY --from=builder / /
+
+ARG ML_USER="marklogic_user"
+ARG ML_VERSION=11-internal
+ARG ML_DOCKER_VERSION=local
+ARG BUILD_BRANCH=local
+ARG ML_DOCKER_TYPE=ubi
+###############################################################
+# define docker labels
+###############################################################
+
+LABEL "com.marklogic.maintainer"="docker@marklogic.com"
+LABEL "com.marklogic.name"="MarkLogic Server ${ML_VERSION}"
+LABEL "com.marklogic.docker-version"="${ML_DOCKER_VERSION}"
+LABEL "com.marklogic.release-version"="${ML_VERSION}"
+LABEL "com.marklogic.build-branch"="${BUILD_BRANCH}"
+LABEL "com.marklogic"="MarkLogic"
+LABEL "com.marklogic.release-type"="production"
+LABEL "com.marklogic.license"="MarkLogic EULA"
+LABEL "com.marklogic.license.description"="By subscribing to this product, you agree to the terms and conditions outlined in MarkLogic's End User License Agreement (EULA) here https://developer.marklogic.com/eula "
+LABEL "com.marklogic.license.url"="https://developer.marklogic.com/eula"
+LABEL "com.marklogic.description"="MarkLogic is the only Enterprise NoSQL database. It is a new generation database built with a flexible data model to store, manage, and search JSON, XML, RDF, and more - without sacrificing enterprise features such as ACID transactions, certified security, backup, and recovery. With these capabilities, MarkLogic is ideally suited for making heterogeneous data integration simpler and faster, and for delivering dynamic content at massive scale. The current release of the MarkLogic Server Developer Docker image includes all features and is limited to developer use."
+LABEL docker.cmd="docker run -it -p 7997-8010:7997-8010 -e MARKLOGIC_INIT=true -e MARKLOGIC_ADMIN_USERNAME=<INSERT USERNAME> -e MARKLOGIC_ADMIN_PASSWORD=<INSERT PASSWORD> --mount src=MarkLogic,dst=/var/opt/MarkLogic progressofficial/marklogic-db:${ML_VERSION}"
+
+###############################################################
+# copy notice file
+###############################################################
+COPY --chown=${ML_USER}:users NOTICE.txt /home/${ML_USER}/NOTICE.txt
+
+###############################################################
+# set env vars
+###############################################################
+
+ENV MARKLOGIC_INSTALL_DIR=/opt/MarkLogic  \
+    MARKLOGIC_DATA_DIR=/var/opt/MarkLogic \
+    MARKLOGIC_USER=${ML_USER} \
+    MARKLOGIC_PID_FILE=/var/run/MarkLogic.pid  \
+    MARKLOGIC_UMASK=022 \
+    LD_LIBRARY_PATH=/lib64:$LD_LIBRARY_PATH:/opt/MarkLogic/lib \
+    MARKLOGIC_VERSION="${ML_VERSION}" \
+    MARKLOGIC_DOCKER_VERSION="${ML_DOCKER_VERSION}" \
+    MARKLOGIC_IMAGE_TYPE="$ML_DOCKER_TYPE" \
+    MARKLOGIC_BOOTSTRAP_HOST=bootstrap \
+    MARKLOGIC_ADMIN_USERNAME_FILE=mldb_admin_user \
+    MARKLOGIC_ADMIN_PASSWORD_FILE=mldb_password_user \
+    MARKLOGIC_WALLET_PASSWORD_FILE=mldb_wallet_password \
+    BUILD_BRANCH=${BUILD_BRANCH} \
+    MARKLOGIC_JOIN_TLS_ENABLED=false \
+    OVERWRITE_ML_CONF=true \
+    MARKLOGIC_EC2_HOST=0
+
+################################################################
+# Set Timezone
+################################################################
+
+RUN microdnf -y reinstall tzdata
+
+###############################################################
+# Remove optional packages that have known vulnerabilities
+###############################################################
+RUN for package in vim-minimal cups-client cups-libs tar python3-pip-wheel platform-python python3-libs platform-python-setuptools avahi-libs binutils expat libarchive python3 python3-libs python-unversioned-command binutils-gold; \
+    do rpm -e --nodeps $package || true; \
+    done;
+
+###############################################################
+# expose MarkLogic server ports
+###############################################################
+
+EXPOSE 25 7997-8010
+
+###############################################################
+# set system user
+###############################################################
+
+USER ${ML_USER}
+
+####################################################
+# Set Linux Language Settings
+###############################################################
+
+ENV LANG=en_US.UTF-8
+ENV LC_ALL=C.UTF-8
+
+###############################################################
+# define volume for persistent MarkLogic server data
+###############################################################
+
+VOLUME /var/opt/MarkLogic
+
+###############################################################
+# set entrypoint
+###############################################################
+ENTRYPOINT ["/tini", "--", "/usr/local/bin/start-marklogic.sh"]
diff --git a/test/docker-tests.robot b/test/docker-tests.robot
@@ -124,6 +124,7 @@ Initialized MarkLogic container with latency
 
 Upgrade MarkLogic container
     Skip If  'rootless' in '${IMAGE_TYPE}'  msg = Skipping Upgrade MarkLogic test for rootless image
+    Skip If  'arm' in '${IMAGE_TYPE}'  msg = Skipping Upgrade MarkLogic test for ARM image
     Create test container with    -e    MARKLOGIC_INIT=true
 ...                               -e    MARKLOGIC_ADMIN_USERNAME=${DEFAULT ADMIN USER}
 ...                               -e    MARKLOGIC_ADMIN_PASSWORD=${DEFAULT ADMIN PASS}
@@ -148,6 +149,7 @@ Upgrade MarkLogic container
 
 Upgrade MarkLogic container with init parameter
     Skip If  'rootless' in '${IMAGE_TYPE}'  msg = Skipping Upgrade MarkLogic test for rootless image
+    Skip If  'arm' in '${IMAGE_TYPE}'  msg = Skipping Upgrade MarkLogic test for ARM image
     Create test container with    -e    MARKLOGIC_INIT=true
 ...                               -e    MARKLOGIC_ADMIN_USERNAME=${DEFAULT ADMIN USER}
 ...                               -e    MARKLOGIC_ADMIN_PASSWORD=${DEFAULT ADMIN PASS}
@@ -172,6 +174,7 @@ Upgrade MarkLogic container with init parameter
 
 Upgrade MarkLogic container with init and credential parameters
     Skip If  'rootless' in '${IMAGE_TYPE}'  msg = Skipping Upgrade MarkLogic test for rootless image
+    Skip If  'arm' in '${IMAGE_TYPE}'  msg = Skipping Upgrade MarkLogic test for ARM image
     Create test container with    -e    MARKLOGIC_INIT=true
 ...                               -e    MARKLOGIC_ADMIN_USERNAME=${DEFAULT ADMIN USER}
 ...                               -e    MARKLOGIC_ADMIN_PASSWORD=${DEFAULT ADMIN PASS}
@@ -582,6 +585,7 @@ Initialized MarkLogic Server with wallet password and realm
     [Teardown]    Delete container
 
 Initialized MarkLogic container with ML converters
+    Skip If  'arm' in '${IMAGE_TYPE}'  msg = Skipping ML converters test for ARM image (converters not available)
     Create container with    -e    MARKLOGIC_INIT=true
     ...                      -e    MARKLOGIC_ADMIN_USERNAME=${DEFAULT ADMIN USER}
     ...                      -e    MARKLOGIC_ADMIN_PASSWORD=${DEFAULT ADMIN PASS}