Chainguard Image Now Available for NATS

Dan Lorenc
  •  
March 27, 2023

NATS is a high-performance, cloud-native messaging system designed for edge and cloud use cases. We’re excited to announce we now have a hardened Chainguard Image for NATS. The Chainguard NATS Image is built on Wolfi, our secure by default operating system for containerized workloads that allows for minimal Images built with our hardened toolchain

To get started with the Chainguard NATS Image pull the following and run it:

-- CODE language-bash -- % docker run cgr.dev/chainguard/nats [1] 2023/03/18 12:16:10.462431 [INF] Starting nats-server [1] 2023/03/18 12:16:10.462525 [INF] Version: 2.9.15 [1] 2023/03/18 12:16:10.462527 [INF] Git: [b91fa85462d42c2f988170aee27955773e68c56d] [1] 2023/03/18 12:16:10.462530 [INF] Cluster: Hmupub4UnnYq6voFq5iK6X [1] 2023/03/18 12:16:10.462533 [INF] Name: ND6XNANOPWNAPDAVUNYZQEKYD5KYVXLZHXZ3BYEWYXMH5ZF2XLUL2SU4 [1] 2023/03/18 12:16:10.462534 [INF] ID: ND6XNANOPWNAPDAVUNYZQEKYD5KYVXLZHXZ3BYEWYXMH5ZF2XLUL2SU4 [1] 2023/03/18 12:16:10.462544 [INF] Using configuration file: /etc/nats/nats-server.conf [1] 2023/03/18 12:16:10.463399 [INF] Starting http monitor on 0.0.0.0:8222 [1] 2023/03/18 12:16:10.463502 [INF] Listening for client connections on 0.0.0.0:4222 [1] 2023/03/18 12:16:10.463719 [INF] Server is ready [1] 2023/03/18 12:16:10.463745 [INF] Cluster name is Hmupub4UnnYq6voFq5iK6X [1] 2023/03/18 12:16:10.463752 [WRN] Cluster name was dynamically generated, consider setting one [1] 2023/03/18 12:16:10.463801 [INF] Listening for route connections on 0.0.0.0:6222 ^C[1] 2023/03/18 12:16:14.736516 [INF] Initiating Shutdown... [1] 2023/03/18 12:16:14.736997 [INF] Server Exiting..

We also offer a development NATS Image variant that contains a few extra utilities, like the nats CLI and the nsc tool, for working with NATS and associated configurations and authentication tokens. This Image is available at cgr.dev/chainguard/nats:latest-dev

The Chainguard NATS Image is over 50% smaller than other similar options and comes with our zero-known CVE target. See the numbers for yourself:

As always, the binaries in our Images are built from source and come with comprehensive and SBOMs from the start. These SBOMs contain the package metadata for everything in the Image and can be used for vulnerability scanning or license compliance. You can download the SBOMs for these containers with cosign:

-- CODE language-bash -- $ cosign download sbom --platform=linux/amd64 cgr.dev/chainguard/nats Found SBOM of media type: text/spdx+json { "SPDXID": "SPDXRef-DOCUMENT", "name": "sbom-sha256:27c560d563ef3428a39e6d3bb3a972ee69e98ec0a8f6e5e16410b5761946d950", "spdxVersion": "SPDX-2.3", "creationInfo": { "created": "2023-03-18T00:09:05Z", "creators": [ "Tool: apko (v0.7.2-2-g6999856)", "Organization: Chainguard, Inc" ], "licenseListVersion": "3.16" }, "dataLicense": "CC0-1.0", "documentNamespace": "https://spdx.org/spdxdocs/apko/", "documentDescribes": [ "SPDXRef-Package-sha256-049445d02bf2414bc0f95b99c5825ece3affb58ec7679d198503b5c5d1e61161" ], "packages": [ { "SPDXID": "SPDXRef-Package-sha256-049445d02bf2414bc0f95b99c5825ece3affb58ec7679d198503b5c5d1e61161", "name": "sha256:049445d02bf2414bc0f95b99c5825ece3affb58ec7679d198503b5c5d1e61161", "filesAnalyzed": false, "description": "apko container image", "downloadLocation": "NOASSERTION", "primaryPackagePurpose": "CONTAINER", "checksums": [ { "algorithm": "SHA256", "checksumValue": "049445d02bf2414bc0f95b99c5825ece3affb58ec7679d198503b5c5d1e61161" }

If you want to see upwards of a 50% reduction in your NATS image sizes with more security built in by default, start using Chainguard’s NATS Image today at github.com/chainguard-images, or get started with our documentation in Chainguard Academy. Chainguard Images are now available for Apache Zookeeper, Bazel, curl, Git, Go, Jenkins, Postgres, Ruby and more. If you’re interested in support contracts, SLAs for vulnerabilities, FIPS-enabled images or support for custom images or older versions, please reach out

We are always looking for ways to improve our end user experience. If you have feedback or would like to submit a support issue you can reach out to us directly or file it here.

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

Don’t break the chain – secure your supply chain today!

Product

Chainguard Image Now Available for NATS

Dan Lorenc
March 27, 2023
copied

NATS is a high-performance, cloud-native messaging system designed for edge and cloud use cases. We’re excited to announce we now have a hardened Chainguard Image for NATS. The Chainguard NATS Image is built on Wolfi, our secure by default operating system for containerized workloads that allows for minimal Images built with our hardened toolchain

To get started with the Chainguard NATS Image pull the following and run it:

-- CODE language-bash -- % docker run cgr.dev/chainguard/nats [1] 2023/03/18 12:16:10.462431 [INF] Starting nats-server [1] 2023/03/18 12:16:10.462525 [INF] Version: 2.9.15 [1] 2023/03/18 12:16:10.462527 [INF] Git: [b91fa85462d42c2f988170aee27955773e68c56d] [1] 2023/03/18 12:16:10.462530 [INF] Cluster: Hmupub4UnnYq6voFq5iK6X [1] 2023/03/18 12:16:10.462533 [INF] Name: ND6XNANOPWNAPDAVUNYZQEKYD5KYVXLZHXZ3BYEWYXMH5ZF2XLUL2SU4 [1] 2023/03/18 12:16:10.462534 [INF] ID: ND6XNANOPWNAPDAVUNYZQEKYD5KYVXLZHXZ3BYEWYXMH5ZF2XLUL2SU4 [1] 2023/03/18 12:16:10.462544 [INF] Using configuration file: /etc/nats/nats-server.conf [1] 2023/03/18 12:16:10.463399 [INF] Starting http monitor on 0.0.0.0:8222 [1] 2023/03/18 12:16:10.463502 [INF] Listening for client connections on 0.0.0.0:4222 [1] 2023/03/18 12:16:10.463719 [INF] Server is ready [1] 2023/03/18 12:16:10.463745 [INF] Cluster name is Hmupub4UnnYq6voFq5iK6X [1] 2023/03/18 12:16:10.463752 [WRN] Cluster name was dynamically generated, consider setting one [1] 2023/03/18 12:16:10.463801 [INF] Listening for route connections on 0.0.0.0:6222 ^C[1] 2023/03/18 12:16:14.736516 [INF] Initiating Shutdown... [1] 2023/03/18 12:16:14.736997 [INF] Server Exiting..

We also offer a development NATS Image variant that contains a few extra utilities, like the nats CLI and the nsc tool, for working with NATS and associated configurations and authentication tokens. This Image is available at cgr.dev/chainguard/nats:latest-dev

The Chainguard NATS Image is over 50% smaller than other similar options and comes with our zero-known CVE target. See the numbers for yourself:

As always, the binaries in our Images are built from source and come with comprehensive and SBOMs from the start. These SBOMs contain the package metadata for everything in the Image and can be used for vulnerability scanning or license compliance. You can download the SBOMs for these containers with cosign:

-- CODE language-bash -- $ cosign download sbom --platform=linux/amd64 cgr.dev/chainguard/nats Found SBOM of media type: text/spdx+json { "SPDXID": "SPDXRef-DOCUMENT", "name": "sbom-sha256:27c560d563ef3428a39e6d3bb3a972ee69e98ec0a8f6e5e16410b5761946d950", "spdxVersion": "SPDX-2.3", "creationInfo": { "created": "2023-03-18T00:09:05Z", "creators": [ "Tool: apko (v0.7.2-2-g6999856)", "Organization: Chainguard, Inc" ], "licenseListVersion": "3.16" }, "dataLicense": "CC0-1.0", "documentNamespace": "https://spdx.org/spdxdocs/apko/", "documentDescribes": [ "SPDXRef-Package-sha256-049445d02bf2414bc0f95b99c5825ece3affb58ec7679d198503b5c5d1e61161" ], "packages": [ { "SPDXID": "SPDXRef-Package-sha256-049445d02bf2414bc0f95b99c5825ece3affb58ec7679d198503b5c5d1e61161", "name": "sha256:049445d02bf2414bc0f95b99c5825ece3affb58ec7679d198503b5c5d1e61161", "filesAnalyzed": false, "description": "apko container image", "downloadLocation": "NOASSERTION", "primaryPackagePurpose": "CONTAINER", "checksums": [ { "algorithm": "SHA256", "checksumValue": "049445d02bf2414bc0f95b99c5825ece3affb58ec7679d198503b5c5d1e61161" }

If you want to see upwards of a 50% reduction in your NATS image sizes with more security built in by default, start using Chainguard’s NATS Image today at github.com/chainguard-images, or get started with our documentation in Chainguard Academy. Chainguard Images are now available for Apache Zookeeper, Bazel, curl, Git, Go, Jenkins, Postgres, Ruby and more. If you’re interested in support contracts, SLAs for vulnerabilities, FIPS-enabled images or support for custom images or older versions, please reach out

We are always looking for ways to improve our end user experience. If you have feedback or would like to submit a support issue you can reach out to us directly or file it here.

Related articles