Today we’re excited to announce that Postgres is available as a Chainguard Image, because you should need a database for your data, not your vulnerabilities. Postgres is one of the most popular, versatile, and scalable open source databases available today, and now you can run it as a hardened container image built on Wolfi.
The full documentation is available here, or you can follow these steps to get started. You will need to specify a database password as an environment variable.
For hardening, the Postgres Chainguard Image runs as a non-root user (named postgres) by default. Because we build Postgres from source, you also benefit from our compiler hardening and memory safety features.
Our Postgres Image build comes in at just 43MB, up to 90% smaller than comparable images. Our Postgres Image also comes with fewer CVEs (aiming for zero-known CVEs), which helps you save time triaging noise. Other available images can contain up to 100 CVEs on a regular basis.
As always, the binaries in our Chainguard Images are built from source and come with comprehensive and SBOMs from the start. These SBOMs contain the package metadata for everything in the Image and can be used for vulnerability scanning or license compliance. You can download the SBOMs for these containers with cosign:
If you want to see upwards of a 90% reduction in your Postgres image sizes with more security built in by default, start using Chainguard’s Postgres Image today at github.com/chainguard-images, or get started using documentation in Chainguard Academy. Chainguard Images are now available for Bazel, curl, Git, Go, Jenkins, Kubectl, Ko, Ruby and more. We currently offer our public Chainguard Images catalog for no cost to users, which includes features like SBOMs, signatures and SLSA Build Level 2 provenance information. If your organization requires patching SLAs, older version support or Images for compliance requirements, we offer Standard and Custom subscription tiers. Contact our team to learn more.
Update on our Chainguard Images Catalog: On August 16, 2023, we will be making changes to how Chainguard Image tags are pulled. Please see this announcement for further details about accessing our free, public Image catalog.