https://deploy-preview-3174--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/security-advisories/Recent content in Chainguard Containers Security Advisories onHugo -- gohugo.ioen-USFri, 26 Jul 2024 18:09:12 +0000https://deploy-preview-3174--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/security-advisories/how-to-use/Wed, 27 Dec 2023 11:07:52 +0200https://deploy-preview-3174--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/security-advisories/how-to-use/When using scanners such as Grype or Docker Scout to scan for vulnerabilities in Chainguard Containers, you’ll often find that there are few or no CVEs present. However, CVEs can sometimes be found in Chainguard Containers, and you may also encounter CVEs if you’re using older tags. In these cases, you will likely wish to check Chainguard’s security advisories for information on which CVEs will cause security issues in your deployment.https://deploy-preview-3174--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/security-advisories/how-chainguard-issues/Fri, 26 Jul 2024 18:09:12 +0000https://deploy-preview-3174--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/security-advisories/how-chainguard-issues/When you scan a newly-built Chainguard Container with a vulnerability scanner, typically, no CVEs will be reported. However, as software packages age, more vulnerabilities are reported and CVEs will begin to accumulate in container images. When this happens, Chainguard releases security advisories to communicate these vulnerabilities to downstream images users. In alignment with the Chainguard Container Product Release Lifecycle, our vulnerability management strategy focuses on the latest versions of any given release track, as these are the versions we actively maintain and secure.https://deploy-preview-3174--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/security-advisories/managing-advisories/Mon, 05 Aug 2024 20:23:51 +0000https://deploy-preview-3174--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/security-advisories/managing-advisories/Note: This document is deprecated as of June 2025. Chainguard operates its own Security Advisories page to alert users about the status of vulnerabilities found in Chainguard Containers. To maintain this database, we use wolfictl, a tool developed for working with the Wolfi un-distro. In this guide, you will walk through using wolfictl to create an advisory for a vulnerable package. You’ll also learn how to update this advisory as more information about the vulnerability is disclosed over time.