Announcing Dockerfile Converter: Fast and Easy Migration to Use Chainguard Containers

We are excited to announce Dockerfile Converter, Chainguard’s new open source tool that allows developers to quickly and easily modify their Dockerfiles to start unlocking the benefits of zero-CVE minimal Chainguard Containers. With Dockerfile Converter, users migrating to Chainguard Containers can automate pieces of the migration process to reduce manual effort and increase adoption across teams.

Acting on Customer Feedback 

To fully leverage the benefits of Chainguard Containers — enhanced security and reduced developer toil, engineering teams — customers have historically had to modify their Dockerfiles as they migrated from Debian and Red Hat UBI Dockerfiles to the APK ecosystem that supports Chainguard Containers. Depending on the complexity of the Dockerfiles, the number of Dockerfiles to migrate, single-stage or multi-stage builds, and the technical capabilities of the team, this can take time and effort. This manual activity often results in misconfigured files and typographical errors, leading to frustrations over troubleshooting. These hurdles slow down the time to value and delay ROI realization for customers.

Our customers shared the need for a tool to simplify migration by automatically converting Dockerfiles to drive large-scale adoption. Accelerating adoption enables engineering teams to reduce security risks while unlocking revenue through increased productivity and faster innovation.

Chainguard’s Solution: Dockerfile Converter

Chainguard goes above and beyond static library mapping by introducing a tool that not only addresses these customer pain points but also significantly reduces manual conversion effort for developers. The Dockerfile Converter is a CLI-based tool that allows customers to input their Dockerfile and receive output as a single converted Dockerfile that incorporates Chainguard Containers. This local tool operates entirely offline without making any calls to the cloud or external data sources. It enables customers to securely convert their Dockerfiles while ensuring sensitive code stays within their environment.

Dockerfile Converter analyzes key Dockerfile directives—such as FROM, RUN, and ARG—to accurately map image references, package references, user for running commands, syntax differences, and entry points to the corresponding Alpine-based Chainguard images and packages defined in builtin-mappings.yaml. A key benefit of this open-source tool is its customization, allowing customers to add their own unique mappings and ensure their uniquely named images are correctly mapped within Dockerfile Converter.

Dockerfile Converter integrates into the existing workflow by creating a new copy of the Dockerfile and keeping the original file untouched. Customers can review and test the newly created Dockerfiles while always having the flexibility to revert to the older version. This is especially useful for complex Dockerfiles that may not be converted accurately. Dockerfile Converter also ensures software compatibility by supporting simplified semantic version tags, making it easier to manage and track image versions. Tag association ensures that Chainguard production images with a smaller attack surface and build images(-dev) are used accurately.

Driving Faster Adoption and an Improved Developer Experience

Dockerfile Converter delivers an optimized Dockerfile tailored to your environment, reducing the time, risk, and complexity of manual conversion. Let’s take a deeper dive into the benefits of Dockerfile Converter:

1. Accelerated adoption and ROI: With Dockerfile Converter, customers can fast-track their migration to Chainguard Containers by reducing the manual effort required to modify existing Dockerfiles. This allows teams to bring their products to market faster, and saves them time and money spent on engineering toil.

2. Improved developer experience: Dockerfile Converter streamlines development workflows by reducing the manual effort for converting Dockerfiles. Developers can focus on application development and innovation by leveraging Chainguard Containers instead of spending time and effort to manually convert Dockerfiles.

3. Flexible and secure by design: Dockerfile Converter is built with an open and extensible design that allows teams to easily customize their own mappings in addition to Chainguard’s mappings to meet specific use cases. It also supports both build and production images, helping minimize the attack surface while ensuring full compatibility with semantic versioning, so you get both control and security without compromise. 

Getting started with Dockerfile Converter

Dockerfile Converter is open source and available to everyone using Chainguard Containers. It helps developers adopt Chainguard Containers for both initial migration and the addition of new images.

We’re excited to hear your feedback as you use Dockerfile Converter to convert your Dockerfiles to reap the benefits of Chainguard Containers. It will play a key role in shaping our future plans and additional capabilities. Please reach out if you are interested in learning more about Chainguard Containers.