Sign inContact usTry it out
Sign inContact usTry it out

Chainguard Image now available for Bazel

Dan Lorenc, CEO
  •  
January 17, 2023
The Case for Farm-to-Table Package Signing

Today we’re excited to share that Bazel is now available as a Chainguard Image. You might be familiar with our earlier work using Bazel to build containers, but now we’re using containers to build Bazel.

Bazel is a popular build tool that’s designed for speed, scalability, security, and performance. Build tools form a critical role in the software supply chain, but they’re often neglected or looked over when thinking about production security. As “Reflections on Trusting Trust” taught us decades ago, securing production infrastructure is impossible without a secure toolchain.

The Chainguard Bazel Image is built with the minimum required package set, keeping it slim for fast CI runs. This also means you have fewer CVEs to triage and remediate. 

As always, the binaries in our Images are built from source and come with comprehensive and Software Bills of Material (SBOMs) from the start. These SBOMs contain the package metadata for everything in the Image and can be used for vulnerability scanning or license compliance. You can download the SBOMs for these containers with cosign:

-- CODE language-bash -- $ cosign download sbom --platform=linux/amd64 cgr.dev/chainguard/bazel % ./cosign download sbom --platform=linux/amd64 cgr.dev/chainguard/bazel | head -n 50 WARNING: Downloading SBOMs this way does not ensure its authenticity. If you want to ensure a tamper-proof SBOM, download it using 'cosign download attestation ' or verify its signature. Found SBOM of media type: spdx+json { "SPDXID": "SPDXRef-DOCUMENT", "name": "sbom-sha256:3533b52c99d97466d5cdced7670aca356d22040421060f6e26d43169584708b9", "spdxVersion": "SPDX-2.3", "creationInfo": { "created": "2023-01-12T05:05:21Z", "creators": [ "Tool: apko (canary)", "Organization: Chainguard, Inc" ], "licenseListVersion": "3.16" }, "dataLicense": "CC0-1.0", "documentNamespace": "https://spdx.org/spdxdocs/apko/", "documentDescribes": [ "SPDXRef-Package-sha256-cd2de453d52c4318af131f80b2493f0cd755fa8c4549779f7ba46b3869d092b1" ], "files": [ { "SPDXID": "SPDXRef-File-/usr/lib/locale/C.utf8/LC_ADDRESS", "fileName": "/usr/lib/locale/C.utf8/LC_ADDRESS", "licenseConcluded": "NOASSERTION", "checksums": [ { "algorithm": "SHA1", "checksumValue": "12d0e0600557e0dcb3c64e56894b81230e2eaa72" }, { "algorithm": "SHA256", "checksumValue": "26e2800affab801cb36d4ff9625a95c3abceeda2b6553a7aecd0cfcf34c98099" }, { "algorithm": "SHA512", "checksumValue": "d38b225e8204e1e85e6c631481f46d0b8fca8cf8d8dfc290f00adb15b605959f91f0d55dc830fdd82c22f916140090928e44f1b5123facac135705cc81df00b0" } ] }, { "SPDXID": "SPDXRef-File-/usr/lib/locale/C.utf8/LC_COLLATE", "fileName": "/usr/lib/locale/C.utf8/LC_COLLATE", "licenseConcluded": "NOASSERTION", "checksums": [ { "algorithm": "SHA1", "checksumValue": "f245e3207984879d0b736c9aa42f4268e27221b9" }, { "algorithm": "SHA256", "checksumValue": "47a5f5359a8f324abc39d69a7f6241a2ac0e2fbbeae5b9c3a756e682b75d087b" },

If you want to see upwards of a 27% reduction in your Image sizes (see footnotes) with more security built in by default start using Chainguard’s Bazel Image today at github.com/chainguard-images, or get started with our Bazel Image using documentation in Chainguard Academy. Chainguard Images are currently for Redis, curl, Git, Go, Jenkins, Postgres, Ruby and more. We currently offer our public Chainguard Images catalog for no cost to users, which includes features like SBOMs, signatures and SLSA Build Level 2 provenance information. If your organization requires patching SLAs, older version support or Images for compliance requirements, we offer Standard and Custom subscription tiers. Contact our team to learn more. 

We are always looking for ways to improve our end user experience. If you have feedback or would like to submit a support issue you can reach out to us directly or file it here.

Update on our Chainguard Images Catalog: On August 16, 2023, we will be making changes to how Chainguard Image tags are pulled. Please see this announcement for further details about accessing our free, public Image catalog. 

_______________________________

1. Comparing gcr.io/bazel-public/bazel:latest to cgr.dev/chainguard/bazel:latest:

-- CODE language-bash -- $ docker images --digests REPOSITORY TAG DIGEST IMAGE ID CREATED SIZE cgr.dev/chainguard/bazel latest sha256:c3e856aa0886bd534d9f39c2db70d5670b98f0a9be2ab20cb487e3128bb4e3b3 9b2ee14765ae 8 hours ago 724MB gcr.io/bazel-public/bazel latest sha256:0a9fb6c7bb0db386888a26940e87829ffad4d2a6bc12bcc32523670ef9ea6505 a33cac676d1b 4 weeks ago 996MB

27% reduction in image size, also note difference in time since rebuild.

The Case for Farm-to-Table Package Signing

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

More articles

New Images guides on Chainguard Academy!

Mark Drake, Staff Technical Writer
  •  
December 5, 2023

AWS Inspector Adds Support for Chainguard Images

Kaylin Trychon, Vice President of Marketing
  •  
November 30, 2023

Into The Deep: Exploring Chainguard Container Images

Matt Moore, CTO
  •  
November 29, 2023

Don’t break the chain – secure your supply chain today!

Contact us
Please direct security disclosures or questions about our bug bounty program to security@chainguard.dev
Copyright 2022
BlogCareersLegalTerms

Sign up for our newsletter

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Unchained
Products
Chainguard Images
Reduce your attack surface with minimal, distroless images.
Chainguard Services
Infrastructure, configuration, and compliance assessment.
Developer
Resources
Company
Contact
Back
Docs
Open source
Back
Unchained blog
Chainguard labs
Customer stories
Education
Back
About
Newsroom
Careers
Back
About
Newsroom
Careers
Product

Chainguard Image now available for Bazel

Dan Lorenc, CEO
January 17, 2023
copied

Today we’re excited to share that Bazel is now available as a Chainguard Image. You might be familiar with our earlier work using Bazel to build containers, but now we’re using containers to build Bazel.

Bazel is a popular build tool that’s designed for speed, scalability, security, and performance. Build tools form a critical role in the software supply chain, but they’re often neglected or looked over when thinking about production security. As “Reflections on Trusting Trust” taught us decades ago, securing production infrastructure is impossible without a secure toolchain.

The Chainguard Bazel Image is built with the minimum required package set, keeping it slim for fast CI runs. This also means you have fewer CVEs to triage and remediate. 

As always, the binaries in our Images are built from source and come with comprehensive and Software Bills of Material (SBOMs) from the start. These SBOMs contain the package metadata for everything in the Image and can be used for vulnerability scanning or license compliance. You can download the SBOMs for these containers with cosign:

-- CODE language-bash -- $ cosign download sbom --platform=linux/amd64 cgr.dev/chainguard/bazel % ./cosign download sbom --platform=linux/amd64 cgr.dev/chainguard/bazel | head -n 50 WARNING: Downloading SBOMs this way does not ensure its authenticity. If you want to ensure a tamper-proof SBOM, download it using 'cosign download attestation ' or verify its signature. Found SBOM of media type: spdx+json { "SPDXID": "SPDXRef-DOCUMENT", "name": "sbom-sha256:3533b52c99d97466d5cdced7670aca356d22040421060f6e26d43169584708b9", "spdxVersion": "SPDX-2.3", "creationInfo": { "created": "2023-01-12T05:05:21Z", "creators": [ "Tool: apko (canary)", "Organization: Chainguard, Inc" ], "licenseListVersion": "3.16" }, "dataLicense": "CC0-1.0", "documentNamespace": "https://spdx.org/spdxdocs/apko/", "documentDescribes": [ "SPDXRef-Package-sha256-cd2de453d52c4318af131f80b2493f0cd755fa8c4549779f7ba46b3869d092b1" ], "files": [ { "SPDXID": "SPDXRef-File-/usr/lib/locale/C.utf8/LC_ADDRESS", "fileName": "/usr/lib/locale/C.utf8/LC_ADDRESS", "licenseConcluded": "NOASSERTION", "checksums": [ { "algorithm": "SHA1", "checksumValue": "12d0e0600557e0dcb3c64e56894b81230e2eaa72" }, { "algorithm": "SHA256", "checksumValue": "26e2800affab801cb36d4ff9625a95c3abceeda2b6553a7aecd0cfcf34c98099" }, { "algorithm": "SHA512", "checksumValue": "d38b225e8204e1e85e6c631481f46d0b8fca8cf8d8dfc290f00adb15b605959f91f0d55dc830fdd82c22f916140090928e44f1b5123facac135705cc81df00b0" } ] }, { "SPDXID": "SPDXRef-File-/usr/lib/locale/C.utf8/LC_COLLATE", "fileName": "/usr/lib/locale/C.utf8/LC_COLLATE", "licenseConcluded": "NOASSERTION", "checksums": [ { "algorithm": "SHA1", "checksumValue": "f245e3207984879d0b736c9aa42f4268e27221b9" }, { "algorithm": "SHA256", "checksumValue": "47a5f5359a8f324abc39d69a7f6241a2ac0e2fbbeae5b9c3a756e682b75d087b" },

If you want to see upwards of a 27% reduction in your Image sizes (see footnotes) with more security built in by default start using Chainguard’s Bazel Image today at github.com/chainguard-images, or get started with our Bazel Image using documentation in Chainguard Academy. Chainguard Images are currently for Redis, curl, Git, Go, Jenkins, Postgres, Ruby and more. We currently offer our public Chainguard Images catalog for no cost to users, which includes features like SBOMs, signatures and SLSA Build Level 2 provenance information. If your organization requires patching SLAs, older version support or Images for compliance requirements, we offer Standard and Custom subscription tiers. Contact our team to learn more. 

We are always looking for ways to improve our end user experience. If you have feedback or would like to submit a support issue you can reach out to us directly or file it here.

Update on our Chainguard Images Catalog: On August 16, 2023, we will be making changes to how Chainguard Image tags are pulled. Please see this announcement for further details about accessing our free, public Image catalog. 

_______________________________

1. Comparing gcr.io/bazel-public/bazel:latest to cgr.dev/chainguard/bazel:latest:

-- CODE language-bash -- $ docker images --digests REPOSITORY TAG DIGEST IMAGE ID CREATED SIZE cgr.dev/chainguard/bazel latest sha256:c3e856aa0886bd534d9f39c2db70d5670b98f0a9be2ab20cb487e3128bb4e3b3 9b2ee14765ae 8 hours ago 724MB gcr.io/bazel-public/bazel latest sha256:0a9fb6c7bb0db386888a26940e87829ffad4d2a6bc12bcc32523670ef9ea6505 a33cac676d1b 4 weeks ago 996MB

27% reduction in image size, also note difference in time since rebuild.

Related articles
Product
Into The Deep: Exploring Chainguard Container Images
November 29, 2023
Product
The Incremental Path to Container Images: Chainguard Images
November 28, 2023
Product
Chainguard announces new Sigstore images to bring critical software supply chain tooling to enterprises
November 14, 2023
Products

Chainguard Images

Chainguard Services

Developer

Open source

Docs

Resources

Unchained blog

Chainguard Labs

Customer stories

Scanners

Security

Education

Company

About

Newsroom

Careers

Legal

Contact

Follow

Twitter

GitHub

LinkedIn

TikTok

© 2023 Chainguard, Inc.

Contact