Sign inContact usTry it out
Sign inContact usTry it out

Chainguard Image now available for Redis

Dan Lorenc, CEO
  •  
January 4, 2023
The Case for Farm-to-Table Package Signing

Redis is one of the most versatile and popular databases available, and today we’re announcing that Chainguard Images has added Redis 7 to our collection. Our Redis image is built on Wolfi, our Linux (un)distribution, making the images minimal, secure-by-default, and up-to-date. They’re also based on glibc, making them compatible with most other applications and extensions.

All Chainguard Images are hardened using most common industry benchmarks and frameworks, for Redis, this means we:

  • Run as a non-root user
  • Only include necessary packages
  • Scan the images continuously and rebuild for security updates

In addition to the standard scan/rebuild process, Chainguard builds all dependencies from source. This means we don’t have to wait for upstream patches to become available, we are the upstream. We can also mark CVEs that are not applicable in our images as invalid directly in our security database, which is automatically ingested by most major container scanning products.

The end result is a small, hardened container with fewer CVEs than the other options. The numbers speak for themselves – the Chainguard Redis image comes in at just 13.3MB, which is nearly a 71% average size reduction from most other Redis images available today.

-- CODE language-bash -- $ docker images --format="{{.Repository}}:{{.Tag}} {{.Size}}" | grep redis cgr.dev/chainguard/redis:latest 13.8MB bitnami/redis:latest 95.4MB redis:bullseye 111MB redis:alpine 30.3MB rapidfort/redis:latest 23.3MB

In addition to size reduction, our Chainguard Image returns zero-known CVEs when compared with other Redis images.

-- CODE language-bash -- trivy image cgr.dev/chainguard/redis:latest 2023-01-04T13:26:39.189-0700 INFO Vulnerability scanning is enabled 2023-01-04T13:26:39.211-0700 INFO Detected OS: wolfi 2023-01-04T13:26:39.211-0700 INFO Detecting Wolfi vulnerabilities... 2023-01-04T13:26:39.214-0700 INFO Number of language-specific files: 0 cgr.dev/chainguard/redis:latest (wolfi 20221118) Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

To further put this into perspective, one of the scans we completed on a Redis image uncovered a total of 79 known vulnerabilities.

As always, the binaries in our Images are built from source and come with comprehensive and SBOMs from the start. These SBOMs contain the package metadata for everything in the Image and can be used for vulnerability scanning or license compliance. You can download the SBOMs for these containers with cosign:

-- CODE language-bash -- $ cosign download sbom --platform=linux/amd64 cgr.dev/chainguard/redis | head -n 30 { "SPDXID": "SPDXRef-DOCUMENT", "name": "sbom-sha256:4bf530ff855641e4e6a0032f53232be8e92c2fe9ef8b808ebcffe92517888c93", "spdxVersion": "SPDX-2.3", "creationInfo": { "created": "2022-12-29T14:56:39Z", "creators": [ "Tool: apko (canary)", "Organization: Chainguard, Inc" ], "licenseListVersion": "3.16" }, "dataLicense": "CC0-1.0", "documentNamespace": "https://spdx.org/spdxdocs/apko/", "documentDescribes": [ "SPDXRef-Package-sha256-1e6c77536fea02d5d6010219dee8526bda0dc2ba55c67065e436268a1a7295ee" ], "files": [ { "SPDXID": "SPDXRef-File-/bin/busybox", "fileName": "/bin/busybox", "licenseConcluded": "NOASSERTION", "checksums": [ { "algorithm": "SHA1", "checksumValue": "61a21d1bd4325626ae2b9d4d62f326aa81232b71" }, { "algorithm": "SHA256", "checksumValue": "82f9f0eb346c1e0e3c23178d55da6ed52e5fbf66930691a88f83ed87b18061fa"

If you want to see upwards of an 87% reduction in your Redis Image sizes with more security built in by default start using Chainguard’s Redis Image today at github.com/chainguard-images, or get started with our Redis image using documentation in Chainguard Academy. Chainguard Images are now available for Bazel, curl, Git, Go, Jenkins, Postgres, Ruby and more. We currently offer our public Chainguard Images catalog for no cost to users, which includes features like SBOMs, signatures and SLSA Build Level 2 provenance information. If your organization requires patching SLAs, older version support or Images for compliance requirements, we offer Standard and Custom subscription tiers. Contact our team to learn more. 

We are always looking for ways to improve our end user experience. If you have feedback or would like to submit a support issue you can reach out to us directly or file it here

Update on our Chainguard Images Catalog: On August 16, 2023, we will be making changes to how Chainguard Image tags are pulled. Please see this announcement for further details about accessing our free, public Image catalog. 

The Case for Farm-to-Table Package Signing

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

More articles

A growing ecosystem of vulnerability scanners that now support Chainguard Images and Wolfi

Kim Lewandowski, Chief Product Officer
  •  
September 21, 2023

How to use Dockerfiles with wolfi-base images

Adrian Mouat, Staff DevRel Engineer
  •  
September 14, 2023

An update on Chainguard Images FIPS Validation

Adam Dawson, Product Manager, Chainguard Images
  •  
September 13, 2023

Don’t break the chain – secure your supply chain today!

Contact us
Please direct security disclosures or questions about our bug bounty program to security@chainguard.dev
Copyright 2022
BlogCareersLegalTerms

Sign up for our newsletter

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Unchained
Products
Chainguard Images
Reduce your attack surface with minimal, distroless images.
Chainguard Enforce
Manage, monitor and enforce end-to-end policies.
Chainguard Services
Infrastructure, configuration, and compliance assessment.
Developer
Resources
Company
Contact
Back
Docs
Open source
Back
Unchained blog
Chainguard labs
Customer stories
Education
Back
About
Newsroom
Careers
Back
About
Newsroom
Careers
Product

Chainguard Image now available for Redis

Dan Lorenc, CEO
January 4, 2023
copied

Redis is one of the most versatile and popular databases available, and today we’re announcing that Chainguard Images has added Redis 7 to our collection. Our Redis image is built on Wolfi, our Linux (un)distribution, making the images minimal, secure-by-default, and up-to-date. They’re also based on glibc, making them compatible with most other applications and extensions.

All Chainguard Images are hardened using most common industry benchmarks and frameworks, for Redis, this means we:

  • Run as a non-root user
  • Only include necessary packages
  • Scan the images continuously and rebuild for security updates

In addition to the standard scan/rebuild process, Chainguard builds all dependencies from source. This means we don’t have to wait for upstream patches to become available, we are the upstream. We can also mark CVEs that are not applicable in our images as invalid directly in our security database, which is automatically ingested by most major container scanning products.

The end result is a small, hardened container with fewer CVEs than the other options. The numbers speak for themselves – the Chainguard Redis image comes in at just 13.3MB, which is nearly a 71% average size reduction from most other Redis images available today.

-- CODE language-bash -- $ docker images --format="{{.Repository}}:{{.Tag}} {{.Size}}" | grep redis cgr.dev/chainguard/redis:latest 13.8MB bitnami/redis:latest 95.4MB redis:bullseye 111MB redis:alpine 30.3MB rapidfort/redis:latest 23.3MB

In addition to size reduction, our Chainguard Image returns zero-known CVEs when compared with other Redis images.

-- CODE language-bash -- trivy image cgr.dev/chainguard/redis:latest 2023-01-04T13:26:39.189-0700 INFO Vulnerability scanning is enabled 2023-01-04T13:26:39.211-0700 INFO Detected OS: wolfi 2023-01-04T13:26:39.211-0700 INFO Detecting Wolfi vulnerabilities... 2023-01-04T13:26:39.214-0700 INFO Number of language-specific files: 0 cgr.dev/chainguard/redis:latest (wolfi 20221118) Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

To further put this into perspective, one of the scans we completed on a Redis image uncovered a total of 79 known vulnerabilities.

As always, the binaries in our Images are built from source and come with comprehensive and SBOMs from the start. These SBOMs contain the package metadata for everything in the Image and can be used for vulnerability scanning or license compliance. You can download the SBOMs for these containers with cosign:

-- CODE language-bash -- $ cosign download sbom --platform=linux/amd64 cgr.dev/chainguard/redis | head -n 30 { "SPDXID": "SPDXRef-DOCUMENT", "name": "sbom-sha256:4bf530ff855641e4e6a0032f53232be8e92c2fe9ef8b808ebcffe92517888c93", "spdxVersion": "SPDX-2.3", "creationInfo": { "created": "2022-12-29T14:56:39Z", "creators": [ "Tool: apko (canary)", "Organization: Chainguard, Inc" ], "licenseListVersion": "3.16" }, "dataLicense": "CC0-1.0", "documentNamespace": "https://spdx.org/spdxdocs/apko/", "documentDescribes": [ "SPDXRef-Package-sha256-1e6c77536fea02d5d6010219dee8526bda0dc2ba55c67065e436268a1a7295ee" ], "files": [ { "SPDXID": "SPDXRef-File-/bin/busybox", "fileName": "/bin/busybox", "licenseConcluded": "NOASSERTION", "checksums": [ { "algorithm": "SHA1", "checksumValue": "61a21d1bd4325626ae2b9d4d62f326aa81232b71" }, { "algorithm": "SHA256", "checksumValue": "82f9f0eb346c1e0e3c23178d55da6ed52e5fbf66930691a88f83ed87b18061fa"

If you want to see upwards of an 87% reduction in your Redis Image sizes with more security built in by default start using Chainguard’s Redis Image today at github.com/chainguard-images, or get started with our Redis image using documentation in Chainguard Academy. Chainguard Images are now available for Bazel, curl, Git, Go, Jenkins, Postgres, Ruby and more. We currently offer our public Chainguard Images catalog for no cost to users, which includes features like SBOMs, signatures and SLSA Build Level 2 provenance information. If your organization requires patching SLAs, older version support or Images for compliance requirements, we offer Standard and Custom subscription tiers. Contact our team to learn more. 

We are always looking for ways to improve our end user experience. If you have feedback or would like to submit a support issue you can reach out to us directly or file it here

Update on our Chainguard Images Catalog: On August 16, 2023, we will be making changes to how Chainguard Image tags are pulled. Please see this announcement for further details about accessing our free, public Image catalog. 

Related articles
Product
An update on Chainguard Images FIPS Validation
September 13, 2023
Product
Announcing a Chainguard Image for OpenTF
September 6, 2023
Product
Update for Chainguard Images Users on HashiCorp License Changes
September 1, 2023
Products

Chainguard Images

Chainguard Enforce

Chainguard Services

Developer

Open source

Docs

Resources

Unchained blog

Chainguard Labs

Customer stories

Scanners

Security

Education

Company

About

Newsroom

Careers

Legal

Contact

Follow

Twitter

GitHub

LinkedIn

TikTok

© 2023 Chainguard, Inc.

Contact