Chainguard Image now available for Apache Zookeeper

Dan Lorenc, CEO

•

March 20, 2023

The Case for Farm-to-Table Package Signing

Apache Zookeeper is one of the most widely used programs for distributed coordination in the industry, powering some of the most critical and highly available systems and platforms. Today, we’re excited to announce a new Chainguard Image for Apache Zookeeper.

‍

Chainguard’s build of Zookeeper is powered by Wolfi, which means it comes with our own OpenJDK JRE and is built from source using our trusted build system. Our Images are minimal and hardened to run as a non-root user on a locked down filesystem.

‍

As always, the binaries in our Images are built from source and come with comprehensive and SBOMs from the start. These SBOMs contain the package metadata for everything in the Image and can be used for vulnerability scanning or license compliance. You can download the SBOMs for these containers with cosign:

‍

-- CODE language-bash -- $ cosign download sbom --platform=linux/amd64 cgr.dev/chainguard/zookeeper { "SPDXID": "SPDXRef-DOCUMENT", "name": "sbom-sha256:e784091e9dbcfa18dadb20dd2b8ca7ecdc40cb5cfc9b4f115cb9384c08335c66", "spdxVersion": "SPDX-2.3", "creationInfo": { "created": "2023-03-13T17:47:28Z", "creators": [ "Tool: apko (v0.7.1-42-gcb833a5)", "Organization: Chainguard, Inc" ], "licenseListVersion": "3.16" }, "dataLicense": "CC0-1.0", "documentNamespace": "https://spdx.org/spdxdocs/apko/", "documentDescribes": [ "SPDXRef-Package-sha256-b7d50abe058c221c27dfb6f269ee05ef10ecfc0909d34032dfbba83b752e121b" ], "packages": [ { "SPDXID": "SPDXRef-Package-sha256-b7d50abe058c221c27dfb6f269ee05ef10ecfc0909d34032dfbba83b752e121b", "name": "sha256:b7d50abe058c221c27dfb6f269ee05ef10ecfc0909d34032dfbba83b752e121b", "filesAnalyzed": false, "description": "apko container image", "downloadLocation": "NOASSERTION", "primaryPackagePurpose": "CONTAINER", "checksums": [ { "algorithm": "SHA256", "checksumValue": "b7d50abe058c221c27dfb6f269ee05ef10ecfc0909d34032dfbba83b752e121b" }

‍

The Chainguard Zookeeper image is a fraction of the size of several alternatives and comes with our zero-known CVE target. Here’s how the numbers stack up:

If you want to see upwards of a 50% reduction in your Zookeeper Image sizes with more security built in by default, start using Chainguard’s Zookeeper Image today at github.com/chainguard-images, or get started with our Zookeeper Image using documentation in Chainguard Academy. Chainguard Images are now available for Bazel, curl, Git, Go, Jenkins, Postgres, Ruby and more. We currently offer our public Chainguard Images catalog for no cost to users, which includes features like SBOMs, signatures and SLSA Build Level 2 provenance information. If your organization requires patching SLAs, older version support or Images for compliance requirements, we offer Standard and Custom subscription tiers. Contact our team to learn more.

‍

We are always looking for ways to improve our end user experience. If you have feedback or would like to submit a support issue you can reach out to us directly or file it here.

‍

Update on our Chainguard Images Catalog: On August 16, 2023, we will be making changes to how Chainguard Image tags are pulled. Please see this announcement for further details about accessing our free, public Image catalog.

‍

The Case for Farm-to-Table Package Signing

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

Don’t break the chain – secure your supply chain today!

Product