Getting up to speed with the evolving software security landscape can be challenging even for those who have been in the technology industry for years. We built Chainguard Academy and packed it with educational resources so that everyone can set themselves up for success in the field. Today, we re-launched Academy with an improved user experience and fresh look to support both new learners starting their security journey and seasoned professionals who are seeking to understand the newest security technologies.
We had a few guiding principles behind the Chainguard Academy redesign:
From these questions, we have created a landing page with more avenues for exploration, improved navigation experiences site-wide and on individual articles, and new topic pages that surface many of the important resources you’ll need to ramp up.
Our Education repository is open source, and we invite feedback as we will continue to iterate on Chainguard Academy.
New security resources
The team has also been hard at work developing new educational material. We’d like to share with you some of the new highlights.
With the recent SLSA v1.0 release, follow our up-to-date SLSA guide to learn all you need to know so that your organization can effectively leverage this important framework for software supply chain security best practices.
The National Institute of Standards and Technology’s (NIST) Secure Software Development Framework (SSDF) can be hard to find and read in PDF format. We’ve put the most important resources into handy tables on Chainguard Academy:
We are continuously adding to our resource libraries on SBOMs, apko, Wolfi, and more, so be sure to check back in often for new updates.
Product documentation updates
We are continuously building out product documentation for Chainguard Images and Chainguard Enforce.
If you’d like to use minimal and frequently updated container images that have a lower attack surface, you can use our docs to learn more about Chainguard Images. We now have the Chainguard Registry to pull down Images, which you can read about in our growing catalog of Chainguard Registry Docs. We also recently released an API to review the tag history of Images, which you can learn how to use in the Using the Tag History API article.
Minimalist container images sometimes need a different approach when debugging, so we have written a guide on Debugging Distroless Images so you can explore your options and find a strategy that works for you and your organization. We also have been adding CVE comparisons for popular Images, which are now available in the Images Overview guides. You can check out Go and Ruby, for example.
Chainguard Enforce now has documentation on how to use Assumable Identities so that a workload can carry out tasks without manual supervision. We have a few guides on this with different pipelines, so check out:
Using CloudEvents with Chainguard Enforce can ensure that your team is responding to policy violations and other issues that come up in real time. Instead of needing to manually create an issue or alert, you can use CloudEvents to create Jira issues, GitHub issues, and Slack alerts.
Star our repo or bookmark our site to stay up to date with Chainguard Academy for the latest product updates, open source tooling, software security educational resources, and deep dive tutorials!
