Chainguard Images now available to government agencies on U.S. Air Force Platform One

Wolfi, the first community (un)distro for software supply chain security, has been accepted into Platform One, the U.S. Air Force’s (USAF) DevSecOps platform. Chainguard Images, including Python and Node, are now available on Platform One through Iron Bank, its authorized container repository. Chainguard is setting the standard for lightweight, hardened base images that deliver faster builds and deploys using less resources and aiming for zero-known vulnerabilities.

Platform One is a Department of Defense (DoD)-wide enterprise service to accelerate the development and deployment of DevSecOps applications. It is a "collection of approved, hardened Cloud Native Computer Foundation (CNCF)-compliant Kubernetes distributions, infrastructure as code playbooks, and hardened containers." Now any U.S. government agency can use Chainguard Images in their own DevSecOps environments or via Platform One— reducing their attack surface and the burden of CVE triage on developer teams and in turn giving back time and resources to the mission.

‍

The massive push for software supply-chain integrity and transparency has left organizations struggling to secure their pipelines and manage vulnerabilities. Existing tooling doesn’t support supply chain security natively and requires users to bolt on critical features like signatures, provenance, and software bills of material (SBOM).

‍

It’s this critical gap in tooling that inspired the engineers at Chainguard to build Wolfi, now the second distro ever to be accepted by Platform One. Wolfi was designed from the ground up to produce container images that meet the requirements of a modern secure supply chain and aim for zero-known vulnerabilities.

‍

The key features of Wolfi are:

• Provides a high-quality, build-time SBOM as standard for all packages

• Packages are designed to be granular and independent, to support minimal images

• Uses the proven and reliable APK package format

• Fully declarative and reproducible build system

• Designed to support glibc and musl

‍

All Chainguard Images are supported by Wolfi and aggressively minimize the software components included. The smaller size reduces complexity and delivers faster builds and deploys. The reduced number of packages mean vulnerabilities accumulate slower even on pinned images.

‍

Built with glibc for full compatibility, featuring ARM and x86-64 support.

Learn more about Chainguard Images and Wolfi here. If you are interested in leveraging Chainguard Images through Iron Bank please reach out and we will assist you.