Announcing a Chainguard Image for OpenTF

Dan Lorenc, CEO
September 6, 2023

Last week, we published an update for Chainguard Image users and customers regarding the recent HashiCorp License Changes. At the time of publishing, the open source fork of Terraform, called OpenTF project, had not yet been released. On September 5, 2023, OpenTF officially released the fork and it is now publicly available.

Like many of you , we’ve been closely following the re-licensing of Terraform, as well as the downstream impact on the rest of the container ecosystem. While some companies will be unaffected by the change to the BUSL, many will. At Chainguard we support FOSS, and recognize the need for an open alternative to the Hashicorp stack of tools.

This is still an experimental release of the source code and there are no tagged releases or branches yet for production use. To help the community try out the new tooling, we’ve added support for OpenTF to Wolfi, our community undistro, and to our Chainguard Images suite, which are both publicly available to try today.

To get started with Wolfi, you can `apk add opentf`:

-- CODE language-bash -- $ docker run -it sh / # apk add opentf fetch (1/1) Installing opentf (0.0_git20230905-r0) OK: 74 MiB in 15 packages / # opentf --version OpenTF v1.6.0-dev on linux_arm64

Or run the Chainguard Image directly:

-- CODE language-bash -- $ docker run --version OpenTF v1.6.0-dev on linux_arm64

The image and binaries are available on Linux amd64 and arm64 architectures. The Chainguard OpenTF Image weighs in at 65MB, and has zero-known CVEs according to all scanners supporting Wolfi today:

-- CODE language-bash -- % grype ✔ Vulnerability DB [no update available] ✔ Loaded image ✔ Parsed image sha256:26f04566a00141e5259fe08391525e587caf26f2cdde03ca0a63f44bddfcc701 ✔ Cataloged packages [180 packages] ✔ Scanned for vulnerabilities [0 vulnerabilities] ├── 0 critical, 0 high, 0 medium, 0 low, 0 negligible └── 0 fixed No vulnerabilities found

The OpenTF Foundation and project appear to be the leading community fork, but these things do sometimes take time to fully develop. We’re excited about the initial release and some of the features on the roadmap, including improved state encryption and OCI registry support. 

We have a dependency on Terraform for building and releasing our Chainguard images, and we plan on testing out and making use of OpenTF as part of that release flow in the future as it nears a production release. We also publish many Terraform plugins on the Hashicorp registry today, and we will make those available via the new OCI registry support for OpenTF users.

Open source is hard and business is hard. The unfortunate reality is that this relicensing will fragment the community, but we’ll do our best to make sure we best serve both Terraform and OpenTF users with our Images and tooling. We look forward to collaborating with the new OpenTF Foundation and community in the open, where OSS is done best!

As a reminder, we’re also going to continue to ship the BUSL-licensed Hashicorp products for users that are comfortable with using that license, and we’ll continue to backport our own security fixes to the MPL-versions for at least six months, for our paying customers. More information on this here.

If you're interested in using Chainguard Images, get in touch with us. Our Images inventory is always expanding and if you need something you don’t see listed in our catalog let us know.

Related articles

Ready to lock down your supply chain?

Talk to our customer obsessed, community-driven team.