Wolfi, the first community (un)distro for software supply chain security, has been accepted into Platform One, the U.S. Air Force’s (USAF) DevSecOps platform. Chainguard Images, including Python and Node, are now available on Platform One through Iron Bank, its authorized container repository. Chainguard is setting the standard for lightweight, hardened base images that deliver faster builds and deploys using less resources and aiming for zero-known vulnerabilities.
Platform One is a Department of Defense (DoD)-wide enterprise service to accelerate the development and deployment of DevSecOps applications. It is a "collection of approved, hardened Cloud Native Computer Foundation (CNCF)-compliant Kubernetes distributions, infrastructure as code playbooks, and hardened containers." Now any U.S. government agency can use Chainguard Images in their own DevSecOps environments or via Platform One— reducing their attack surface and the burden of CVE triage on developer teams and in turn giving back time and resources to the mission.
The massive push for software supply-chain integrity and transparency has left organizations struggling to secure their pipelines and manage vulnerabilities. Existing tooling doesn’t support supply chain security natively and requires users to bolt on critical features like signatures, provenance, and software bills of material (SBOM).
It’s this critical gap in tooling that inspired the engineers at Chainguard to build Wolfi, now the second distro ever to be accepted by Platform One. Wolfi was designed from the ground up to produce container images that meet the requirements of a modern secure supply chain and aim for zero-known vulnerabilities.
The key features of Wolfi are:
All Chainguard Images are supported by Wolfi and aggressively minimize the software components included. The smaller size reduces complexity and delivers faster builds and deploys. The reduced number of packages mean vulnerabilities accumulate slower even on pinned images.
Built with glibc for full compatibility, featuring ARM and x86-64 support.