diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl index b358d64434..3a191e03b1 100644 --- a/.terraform.lock.hcl +++ b/.terraform.lock.hcl @@ -46,7 +46,6 @@ provider "registry.terraform.io/chainguard-dev/cosign" { provider "registry.terraform.io/chainguard-dev/imagetest" { version = "0.0.15" hashes = [ - "h1:E9QPnLxpK2eBYTcq98mOsYzQk6DesMFl85pOPKLqbCU=", "h1:l14VgkvJfRLbbE7CEOnNoy88i2g+pkYUa8nkeJOujYU=", "zh:6c0f636a35d39b38a9a3043cb79c98a1b6500624ec6acc266368b6b46e13e511", "zh:76d75433235e6a84d65df7476386b766efd67ae74a7dea487c14365859c68d99", diff --git a/images/envoy-ratelimit/tests/main.tf b/images/envoy-ratelimit/tests/main.tf index a10704da77..4bf227354f 100644 --- a/images/envoy-ratelimit/tests/main.tf +++ b/images/envoy-ratelimit/tests/main.tf @@ -11,45 +11,16 @@ variable "digest" { data "oci_string" "ref" { input = var.digest } -data "imagetest_inventory" "this" {} - -resource "imagetest_harness_docker" "this" { - name = "envoy-ratelimit-container" - inventory = data.imagetest_inventory.this - - mounts = [ - { - source = path.module - destination = "/tests" - } - ] - - envs = { - IMAGE_NAME : var.digest - } +# TODO: Convert this to imagetest_harness_container when ready +data "oci_exec_test" "runs" { + digest = var.digest + script = "${path.module}/runs.sh" } -resource "imagetest_feature" "container_runs" { - name = "container runs" - description = "verifies that the envoy-ratelimit container runs" - harness = imagetest_harness_docker.this - - steps = [ - { - name = "Run test" - cmd = <&1 | grep "creating redis connection error" -EOT - } - ] - - labels = { - type = "container" - } -} +data "imagetest_inventory" "this" {} resource "imagetest_harness_k3s" "this" { - name = "envoy-ratelimit-k3s" + name = "envoy-ratelimit" inventory = data.imagetest_inventory.this sandbox = { diff --git a/images/envoy-ratelimit/tests/runs.sh b/images/envoy-ratelimit/tests/runs.sh new file mode 100755 index 0000000000..2a29a8a9c0 --- /dev/null 
+++ b/images/envoy-ratelimit/tests/runs.sh @@ -0,0 +1,7 @@ +#!/usr/bin/env bash + +set -o errexit -o nounset -o errtrace -o pipefail -x + +set +o pipefail # We expect the command to fail, but want its output anyway. + +docker run --rm "${IMAGE_NAME}" 2>&1 | grep "creating redis connection error" diff --git a/images/external-secrets/tests/main.tf b/images/external-secrets/tests/main.tf index 0973e386fa..3d9eb5f707 100644 --- a/images/external-secrets/tests/main.tf +++ b/images/external-secrets/tests/main.tf @@ -13,34 +13,19 @@ data "oci_string" "ref" { input = var.digest } -data "imagetest_inventory" "this" {} - -resource "imagetest_harness_docker" "this" { - name = "external-secrets-container" - inventory = data.imagetest_inventory.this - - envs = { - IMAGE_NAME : var.digest - } +# TODO: Convert this to imagetest_harness_container when ready +data "oci_exec_test" "version" { + digest = var.digest + script = <&1 || true ) | grep external-secrets + EOF } -resource "imagetest_feature" "this" { - harness = imagetest_harness_docker.this - name = "basic container test" - description = "basic container test to verify that things run as expected" - - steps = [ - { - name = "Run container" - cmd = <&1 -EOT - } - ] -} +data "imagetest_inventory" "this" {} resource "imagetest_harness_k3s" "this" { - name = "external-secrets-k3s" + name = "external-secrets" inventory = data.imagetest_inventory.this sandbox = { diff --git a/images/jre/tests/02-hello-world.sh b/images/jre/tests/02-hello-world.sh new file mode 100755 index 0000000000..8a57349299 --- /dev/null +++ b/images/jre/tests/02-hello-world.sh 
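Review bot: In images/envoy-ratelimit/tests/runs.sh the first `set` line enables pipefail and the very next statement disables it, so the option never applies to the only pipeline in the script. Writing the first line as `set -o errexit -o nounset -o errtrace -x` and keeping the existing comment next to the pipeline would state the intent once. The match is a fixed string, so `grep -F "creating redis connection error"` would also be the more precise form.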
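Review bot: The `oci_exec_test.version` script in images/external-secrets/tests/main.tf passes whenever the combined output contains the string external-secrets, and `|| true` discards the docker exit status. If the image reference itself contains that string, which the directory name suggests but this hunk does not show, a pull or start failure whose error message echoes the reference would also satisfy the grep. Part of the heredoc is missing from this rendering, so this is inferred from the visible tail `2>&1 || true ) | grep external-secrets`. Matching a string that only the binary prints (a version or usage line) would make the check discriminate, and a one-line comment naming the expected output would document it.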
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+set -o errexit -o nounset -o errtrace -o pipefail
+
+SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+TMP=$(mktemp -d)
+JAVA_SOURCE_VERSION="${JAVA_SOURCE_VERSION:-8}"
+JAVA_TARGET_VERSION="${JAVA_TARGET_VERSION:-8}"
+
+function cleanup() {
+ rm -rf "${TMP}"
+}
+trap cleanup EXIT
+
+cp "${SCRIPT_DIR}"/*.java "${TMP}"
+
+# Make this writeable by the nonroot container user
+chmod 777 "${TMP}"
+
+docker run --rm -v "${TMP}:/tmp" \
+ `# Build using the latest JDK image` \
+ --entrypoint "javac" "${SDK_IMAGE}" \
+ `# Targeting Java 8 so that all our JREs can run the produced .class file` \
+ -source ${JAVA_SOURCE_VERSION} -target ${JAVA_TARGET_VERSION} \
+ /tmp/HelloWorld.java -d /tmp
+
+# Now we have the .class file, run it to test our JRE.
+docker run --rm -v "${TMP}:/tmp" --entrypoint "java" "${IMAGE_NAME}" -cp /tmp HelloWorld
diff --git a/images/jre/tests/main.tf b/images/jre/tests/main.tf
index 1a8a78e88c..3ee1f1e16a 100644
--- a/images/jre/tests/main.tf
+++ b/images/jre/tests/main.tf
@@ -1,7 +1,6 @@
 terraform {
 required_providers {
- oci = { source = "chainguard-dev/oci" }
- imagetest = { source = "chainguard-dev/imagetest" }
+ oci = { source = "chainguard-dev/oci" }
 }
 }
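Review bot: `chmod 777 "${TMP}"` in images/jre/tests/02-hello-world.sh leaves the host temp directory world-writable for the whole test, and the second `docker run` then executes whatever `HelloWorld.class` is in it. On a shared runner another local account could alter the directory between the compile and run steps. Consider keeping the mode that `mktemp -d` sets and running both containers as the invoking user, for example by adding `--user "$(id -u):$(id -g)"` to each `docker run`, or at least narrowing the mode. `${JAVA_SOURCE_VERSION}` and `${JAVA_TARGET_VERSION}` on the javac line are unquoted and should be quoted like the other expansions.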
@@ -26,76 +25,24 @@ variable "sdk-image" { default = "cgr.dev/chainguard/jdk" } -data "imagetest_inventory" "this" {} - -resource "imagetest_container_volume" "volume" { - name = "scratch-volume" - inventory = data.imagetest_inventory.this +data "oci_exec_test" "version" { + digest = var.digest + script = "docker run --rm --entrypoint /usr/bin/java $IMAGE_NAME -version" } -resource "imagetest_harness_docker" "this" { - name = "jre" - inventory = data.imagetest_inventory.this - - volumes = [ - { - source = imagetest_container_volume.volume - destination = "/data" - } - ] - - mounts = [ - { - source = path.module - destination = "/tests" - } - ] - - envs = { - "SDK_IMAGE" : var.sdk-image - "IMAGE_NAME" : var.digest - "JAVA_SOURCE_VERSION" : var.java-source-version - "JAVA_TARGET_VERSION" : var.java-target-version - "VOLUME_NAME" : imagetest_container_volume.volume.id +data "oci_exec_test" "hello-world" { + digest = var.digest + script = "${path.module}/02-hello-world.sh" + env { + name = "SDK_IMAGE" + value = var.sdk-image + } + env { + name = "JAVA_SOURCE_VERSION" + value = var.java-source-version + } + env { + name = "JAVA_TARGET_VERSION" + value = var.java-target-version } -} - -resource "imagetest_feature" "basic" { - name = "basic test" - harness = imagetest_harness_docker.this - - steps = [ - { - name = "Version check" - cmd = <