Chainguard Image now available for Ruby 3.2
Every Christmas, the Ruby core team releases a new version of the programming language, as a “treat” for the community. Following suit, we added a new build of Ruby 3.2 to Wolfi, the Linux undistro, and released a corresponding image to our suite of Chainguard Images. This new release has a lot of exciting new updates, including better performance thanks to yjit compiler improvements (Thanks, team Shopify!) and improved WASM support. In addition, Ruby 3.2 trimmed its bundled third-party dependencies, making it easier for distributions, like Wolfi, to package and more importantly, patch.
You can try out Ruby 3.2 using our image, cgr.dev/chainguard/ruby. Here’s a quick sample:
$ docker run cgr.dev/chainguard/ruby --version
ruby 3.2.0 (2022-12-25 revision a528908271) [aarch64-linux-gnu]
We also have builds for arm64 and amd64 available today. As always, the binaries in our Images are built from source and come with comprehensive and SBOMs from the start. These SBOMs contain the package metadata for everything in the Image and can be used for vulnerability scanning or license compliance. You can download the SBOMs for these containers with cosign:
cosign download sbom cgr.dev/chainguard/ruby > ruby.spdx.json
Found SBOM of media type: spdx+json
$ head ruby.spdx.json
{
"SPDXID": "SPDXRef-DOCUMENT",
"name": "sbom-sha256:d5a7ac53675c9064ef46a82d2d5875ab4f06b59d5123635793ee98148330c9e5",
"spdxVersion": "SPDX-2.3",
"creationInfo": {
"created": "2022-12-28T00:08:57Z",
"creators": [
"Tool: apko (canary)",
"Organization: Chainguard, Inc"
],
Because we build the packages in these Images directly from source, we’re able to apply patches and tweak the build configuration. In this case, we’re able to configure the new yjit implementation, contributed by the killer team at Shopify, during the build. According to the Ruby maintainers, yjit is 41% faster and uses less memory than the standard implementation. Other distributions or package managers that don’t build from source are unable to take advantage of these optimizations in an efficient way.
Try out any of our Images today at github.com/chainguard-images, or get started with our Ruby image using documentation in Chainguard Academy. Chainguard Images are now available for Bazel, curl, Git, Go, Jenkins, Postgres, Prometheus and more. We currently offer our public Chainguard Images catalog for no cost to users, which includes features like SBOMs, signatures and SLSA Build Level 2 provenance information. If your organization requires patching SLAs, older version support or Images for compliance requirements, we offer Standard and Custom subscription tiers. Contact our team to learn more. Happy Ruby-ing!
We are always looking for ways to improve our end user experience. If you have feedback or would like to submit a support issue you can reach out to us directly or file it here.
Update on our Chainguard Images Catalog: On August 16, 2023, we will be making changes to how Chainguard Image tags are pulled. Please see this announcement for further details about accessing our free, public Image catalog.
Share this article
Related articles
- product
Securing the AI coding ecosystem: Chainguard and the AI tools developers use
Matt Stead, Product Marketing Manager
- product
Secure your pipelines with Chainguard Actions, now available in Open Beta
Elsie Phillips, Staff Product Marketing Manager
- product
Adopt hardened containers without changing your pipelines, tooling, or environment
Mandy Hubbard, Sr. Technical Product Marketing Manager
- product
Chainguard plug-in now available on Cursor Marketplace
Matt Stead, Product Marketing Manager
- product
Chainguard Libraries for Java is now GA and includes CVE remediation
Ross Gordon, Staff Product Marketing Manager
- product
Introducing the Chainguard cinc-auditor image: STIG scanning for Chainguard Containers, ready to run
Steve Beattie, Sr. Principal Software Engineer, and Mandy Hubbard, Sr. Technical Product Marketing Manager