https://deploy-preview-3174--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/about/Recent content in About Chainguard Containers onHugo -- gohugo.ioen-USThu, 19 Dec 2024 08:49:15 +0000https://deploy-preview-3174--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/about/what-chainguard-will-build/Mon, 13 Jan 2025 11:07:52 +0200https://deploy-preview-3174--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/about/what-chainguard-will-build/There are currently over 2,000 Chainguard Containers and that number is always growing as we add more to our expanding catalog. If you would like a Chainguard Container that is not yet available, or inquire about whether we would build a given container image, Chainguard will endeavor to perform an analysis on the request. Chainguard aims to build new container images that are relevant to our customers and to support broader software security goals.https://deploy-preview-3174--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/about/shared-responsibility-model/Thu, 17 Oct 2024 11:07:52 +0200https://deploy-preview-3174--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/about/shared-responsibility-model/Chainguard’s mission is to be the safe source for open source. As part of this mission, Chainguard builds all of our packages and images from upstream open source code and delivers the resulting artifacts to our customers. There are three distinct parties involved here: Upstream projects, Chainguard, and Customers; each of these parties share some measure of responsibility across a few dimensions. This guide is an overview of Chainguard’s Shared Responsibility Model: a framework that outlines the security responsibilities of upstream open source software projects, Chainguard, and its customers.https://deploy-preview-3174--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/about/getting-started-distroless/Thu, 21 Mar 2024 08:49:31 +0000https://deploy-preview-3174--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/about/getting-started-distroless/About Distroless Container Images Distroless container images, like the ones built by Chainguard, are a type of container image designed to include only essential software required to run an application or service. Unlike traditional images based on Debian or Ubuntu — which include package managers, utilities, and shells — Chainguard’s distroless images remove these components to significantly reduce attack surface and minimize vulnerabilities. This minimal approach offers several benefits, including:https://deploy-preview-3174--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/about/images-testing/Thu, 21 Mar 2024 11:07:52 +0200https://deploy-preview-3174--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/about/images-testing/Chainguard Containers are minimal, distroless container images that you can use to build and run secure applications. Given the importance of secure, highly performant images, Chainguard performs testing to ensure our container images match the functionality of upstream and other external counterparts. This article provides a high-level overview of Chainguard’s approach to testing when building new container images to ensure their security and consistency with comparable container images. Build requirements for new container images Chainguard has a set of requirements in place that new container images must meet in order to be included in our Containers Directory.https://deploy-preview-3174--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/about/differences-development-production/Fri, 01 Nov 2024 07:52:00 +0200https://deploy-preview-3174--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/about/differences-development-production/Chainguard Containers follow a distroless philosophy, meaning that only software absolutely necessary for a specific workload is included in an image. Designed to be as minimal as possible, Chainguard’s standard container images do not contain package managers such as apk, shells such as b/a/sh, or development utilities such as Git or text editors. However, this distroless approach isn’t suitable for every use case. For this reason, most Chainguard Containers have what’s called a development variant.https://deploy-preview-3174--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/about/versions/Mon, 08 Jan 2024 08:49:31 +0000https://deploy-preview-3174--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/about/versions/Chainguard Containers are able to offer few-to-zero known vulnerabilities because they are updated frequently. Because of this continuous release cycle, the best way to mitigate vulnerabilities is to use the newest build of each Chainguard Container available. Chainguard keeps Containers up to date by doing one or more of the following: Applying new releases from upstream projects Rapidly applying upstream patches to current releases — you can read more about this in our blog post, “How Chainguard fixes vulnerabilities before they’re detected” Applying Chainguard patches to OSS software Upstream projects are updated frequently for many reasons, including to combat CVEs, and Chainguard ensures that the most up-to-date software is available in all Chainguard Containers.https://deploy-preview-3174--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/about/images-categories/Thu, 03 Apr 2025 11:07:52 +0200https://deploy-preview-3174--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/about/images-categories/Chainguard Containers are a collection of curated, distroless container images designed with a focus on software supply chain security. Chainguard’s container images are designed to be slim runtimes for production environments, emphasizing security and efficiency by removing unnecessary elements. Additionally, the images are designed to be easily integrated into existing workflows, helping organizations to build better, more secure software. Within the Chainguard Containers Directory, Chainguard Containers are organized into five general categories (with some falling into multiple categories):https://deploy-preview-3174--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/about/zerocve/Fri, 31 May 2024 12:21:01 +0000https://deploy-preview-3174--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/about/zerocve/Tools and resources used in this video Grype Wolfi Security Advisories Note: In November 2024, after this article was first written, Chainguard made changes to its free tier of container images. In order to access the non-free container images used in this guide, you will need to be part of an organization that has access to them. For a full list of container images that will remain in Chainguard's free tier, please refer to this support page.https://deploy-preview-3174--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/about/package-name-mappings/Thu, 23 Oct 2025 11:07:52 +0200https://deploy-preview-3174--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/about/package-name-mappings/When migrating to Chainguard Containers, you may notice that some package and image names differ from their upstream counterparts. This guide explains why these mappings exist and provides a comprehensive reference of how Chainguard maps image and package names to our container ecosystem. Why Chainguard Remaps Package Names Different Linux distributions often use different names for the same software. For example, Debian calls its C compiler package build-essential, while Alpine calls the equivalent package build-base and Fedora uses gcc and related packages.https://deploy-preview-3174--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/about/can-anybody-build-containers/Sat, 02 Aug 2025 16:00:00 +0000https://deploy-preview-3174--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/about/can-anybody-build-containers/Transcript Interviewer: But everything is open source—can anybody build the images themselves? Dustin Kirkland: Anyone certainly can. It does take quite a bit of expertise to get that to build the first time, and we’ve structured an entire engineering organization around building things the first time. When we get new requests from either internal Chainguard or our existing customers or our new prospects, it goes through a process by which we analyze that source code.