Product

Chainguard Images April 2024: Secure, reliable, feature-rich

Jordi Mon Companys, Senior Product Marketing Manager
May 9, 2024
copied

At Chainguard, we're devoted to revolutionizing software supply chain security and visibility. We do so by providing low-to-zero CVE container images for all open source projects. Chainguard Images are hardened and minimal too, which protects you now and future-proofs your supply chain down the line.

This April, we're excited to announce the release of approximately 60 new Chainguard Images, each designed to enhance your projects' security and reliability. This makes it our biggest image release so far. Among the images listed below you’ll find FIPS versions of the same images (one of the reasons why the table below doesn’t have 60 rows).

You can find plenty of information in Chainguard Academy about how we make our container images compliant with FIPS 140 standards but, in a nutshell, we ship them with version 3.0 of the OpenSSL FIPS module that has been validated for FIPS 140-2. Below, we’ve included a ✅ in the FIPS column to indicate which Chainguard Images have a FIPS version available.

April’s complete Chainguard Image batch

IMAGE IMAGE TYPES FIPS?
Harbor core App
Harbor Registry App
Harbor Portal App
Harbor Registry ctl App
Harbor Jobservice App
Harbor Trivy adapter App
Velero plugin for Container Service Interface (CSI) App
Velero plugin for AWS App
rstudio App
Multus CNI App
PowerDNS webhook for cert-manager App
AWS command line version 2 App
Postgres operator App
Grafana App
Opentelemetry collector App
Squid proxy App
Prometheus exporter and Grafana template for NeuVector App
ArdoCD extension installer (init-containers) App
StatsD integration into New Relic App
Cortex: storage for Prometheus App
Tesseract OCR App
Postgres with bitnami compliance App
FFmpeg App
Node feature discovery for Kubernetes App
Addon resizer for Kubernetes App
Step Certificate Authority (CA) App
Command line to build PKIs for Step CA App
Certificate issuer for Step CA App
Vertical pod autoscaler for Kubernetes App
Vertical pod autoscaler recommender for Kubernetes App
Vertucal pod autoscaler admission controller for Kubernetes App
Karpenter App
Local volume node cleanup App
Local volume provisioner App

April's featured Chainguard Images

Among these releases, we're particularly thrilled to introduce our new images for the R programming language’s most famous integrated development environment (IDE), rstudio. Harbor is a secure cloud native registry for Kubernetes. FFmpeg is for all things video and audio in the command line. Tesseract is a nifty OCR technology. And, finally, Valkey is the Linux Foundation supported Redis fork.

1. rstudio:

  • Overview: rstudio is an IDE for the R programming language, widely used for statistical computing and data analysis.
  • What's new: Our rstudio Chainguard Image comes with the latest security patches and performance optimizations, ensuring a secure and efficient environment for your R projects. This is particularly noteworthy and timely given the recent vulnerability in R (of which Chainguard Images were not affected).
  • Use cases: Perfect for data scientists, researchers, and developers working with R in enterprise settings that require high levels of security and reliability.

IMAGE CVEs (critical | high) SIZE (GB)
rstudio image 176 (0 | 7) 2.17
rstudio Chainguard Image 0 1.3

2. Harbor:

  • Overview: Harbor is a trusted cloud native repository for Kubernetes, providing a secure and efficient way to manage and distribute container images.
  • What's new: The Harbor Chainguard Image set is built from the ground up with security in mind, featuring FIPS compliance and a minimal attack surface.
  • Use cases: Ideal for organizations running Kubernetes in production environments, particularly those in regulated industries such as finance and healthcare among others.

IMAGE CVEs (critical | high) SIZE (GB)
bitnami Harbor core 108 (1 | 6) 218
Harbor core Chainguard Image 0 59.1

3. FFmpeg:

  • Overview: FFmpeg is a powerful multimedia framework for handling video, audio, and other multimedia files and streams from the command line. 
  • What's new: Our FFmpeg Chainguard Image is optimized for performance and security with a reduced footprint and up-to-date security patches.
  • Use cases: Essential for projects involving video and audio processing, transcoding, and streaming, especially in environments with strict security requirements.

IMAGE CVEs (critical | high) SIZE (GB)
Intel FFmpeg 152 (0 | 49) 306
FFmpeg Chainguard Image 0 39.7

4. Tesseract:

  • Overview: Tesseract is an open source optical character recognition (OCR) engine, used for extracting text from images and documents.
  • What's new: The Tesseract Chainguard Image is built with the latest security fixes and optimizations, ensuring accurate and secure OCR processing.
  • Use cases: Valuable for applications involving document digitization, text extraction, and automated data entry, particularly in security-conscious organizations.

IMAGE CVEs (critical | high) SIZE (GB)
Intel Tesseract 7 (0 | 2) 1.22
Tesseract Chainguard Image 0 0.212

5. Valkey:

  • Overview: Valkey is a Kubernetes-native secret manager that enables secure storage and management of sensitive information. It’s also a Linux Foundation supported Redis fork.
  • What's new: Our Valkey Chainguard Image is designed with security at its core, featuring FIPS compliance and a hardened runtime environment.
  • Use cases: Critical for organizations managing sensitive data in Kubernetes, especially those operating in regulated industries or with strict security requirements.

IMAGE CVEs (critical | high) SIZE (GB)
bitnami Valkey 100 (1 | 6) 168
Valkey Chainguard Image 0 20.2

GIF showing how to download Chainguard's Valkey Image with low-to-no CVE count and minimal size.

Chainguard Images provide a trusted platform and partnership

As you explore our latest releases, consider how these secure, reliable, and feature-rich Chainguard Images can elevate your projects' security posture and streamline your development processes.

But don’t take our word for it — trust our client’s. Snowflake says:

Chainguard Images allowed us to get the best of both worlds — we're able to go faster and build on top of really powerful open source platforms, but we also get the security assurance that Chainguard is able to provide us by giving us hardened, secure images.

       Brandon Sterne, Senior Manager of Product Security, Snowflake

Join us in our mission to revolutionize software supply chain security, one container image at a time. Stay tuned for more exciting releases in the coming months. In the meantime, visit https://images.chainguard.dev/ and browse through our more than 700 Chainguard Images.

Related articles

Ready to lock down your supply chain?

Talk to our customer obsessed, community-driven team.