Sign inContact usTry it out
Sign inContact usTry it out

Hopping Into Spring With Chainguard’s RabbitMQ Image

Dan Lorenc
February 24, 2023

Today we're announcing a Chainguard Image for RabbitMQ. RabbitMQ is an open-source message broker that’s commonly used as part of cloud-native applications. It has over 10k stars on GitHub and we even use it as part of our Chainguard Enforce platform.

The Chainguard build of RabbitMQ is based on the Wolfi undistro – meaning we bootstrap the entire toolchain ourselves. If you know much about RabbitMQ, you’ll quickly realize this means that we also had to build our own versions of Erlang and OTP, which form the memory-safe, high-performance backend that powers the RabbitMQ server. These are built using Wolfi’s best-in-class compiler hardening features and performance optimizations, providing a solid foundation for RabbitMQ itself.

As always, the Chainguard RabbitMQ Image is continuously patched to ensure it has minimal CVEs, instead of hundreds like some of the others.

To get started, you can run the image with:

-- CODE language-bash -- docker run -p 5672:5672 --rm 2023-01-02 00:11:37.199274+00:00 [notice] <0.44.0> Application syslog exited with reason: stopped 2023-01-02 00:11:37.206489+00:00 [notice] <0.229.0> Logging: switching to configured handler(s); following messages may not be visible in this log output ## ## RabbitMQ 3.11.5 ## ## ########## Copyright (c) 2007-2022 VMware, Inc. or its affiliates. ###### ## ########## Licensed under the MPL 2.0. Website: Erlang: 25.2 [jit] TLS Library: OpenSSL - OpenSSL 3.0.7 1 Nov 2022 Release series support status: supported Doc guides: Support: Tutorials: Monitoring: Logs: /var/log/rabbitmq/rabbit@02bee2143fb7.log /var/log/rabbitmq/rabbit@02bee2143fb7_upgrade.log Config file(s): (none) Starting broker... completed with 0 plugins.

The image also supports the standard configuration files and environment variables:

-- CODE language-bash -- RABBITMQ_CONFIG_FILE=/etc/rabbitmq/rabbitmq.conf RABBITMQ_ADVANCED_CONFIG_FILE=/etc/rabbitmq/advanced.config RABBITMQ_CONF_ENV_FILE=/etc/rabbitmq/rabbitmq-env.conf

As always, the binaries in our Images are built from source and come with comprehensive and SBOMs from the start. These SBOMs contain the package metadata for everything in the image and can be used for vulnerability scanning or license compliance. You can download the SBOMs for these containers with cosign:

-- CODE language-bash -- $ % cosign download sbom --platform=linux/amd64 Found SBOM of media type: spdx+json { "SPDXID": "SPDXRef-DOCUMENT", "name": "sbom-sha256:a5d9e5df5ea7c280157dbcd81b1d5b1a6334fea4366fee3494a2a77b901bc187", "spdxVersion": "SPDX-2.3", "creationInfo": { "created": "2023-02-21T00:11:14Z", "creators": [ "Tool: apko (canary)", "Organization: Chainguard, Inc" ], "licenseListVersion": "3.16" }, "dataLicense": "CC0-1.0", "documentNamespace": "", "documentDescribes": [ "SPDXRef-Package-sha256-fba7c2f1c16bcb3206b63eac453fd793236f19a41d095855b6cfd3414f895c21" ], "files": [ { "SPDXID": "SPDXRef-File--usr-lib-locale-C.utf8-LCC95ADDRESS", "fileName": "/usr/lib/locale/C.utf8/LC_ADDRESS", "licenseConcluded": "NOASSERTION", "checksums": [ { "algorithm": "SHA1", "checksumValue": "12d0e0600557e0dcb3c64e56894b81230e2eaa72" }, { "algorithm": "SHA256", "checksumValue": "26e2800affab801cb36d4ff9625a95c3abceeda2b6553a7aecd0cfcf34c98099" }, { "algorithm": "SHA512", "checksumValue": "d38b225e8204e1e85e6c631481f46d0b8fca8cf8d8dfc290f00adb15b605959f91f0d55dc830fdd82c22f916140090928e44f1b5123facac135705cc81df00b0" } ] }, { "SPDXID": "SPDXRef-File--usr-lib-locale-C.utf8-LCC95COLLATE", "fileName": "/usr/lib/locale/C.utf8/LC_COLLATE", "licenseConcluded": "NOASSERTION", "checksums": [ { "algorithm": "SHA1", "checksumValue": "f245e3207984879d0b736c9aa42f4268e27221b9" }, { "algorithm": "SHA256", "checksumValue": "47a5f5359a8f324abc39d69a7f6241a2ac0e2fbbeae5b9c3a756e682b75d087b" },

Get started using Chainguard’s RabbitMQ Image today at, or get started with our RabbitMQ image using documentation in Chainguard Academy. All Chainguard Images minimize the software components included, helping shrink your image size by 80% on average, reducing your attack surface. Chainguard Images are now available for Bazel, curl, Git, Go, Jenkins, Postgres, Ruby and more. If you’re interested in support contracts, SLAs for vulnerabilities, FIPS-enabled images, or support for custom images or older versions, please reach out

We are always looking for ways to improve our end user experience. If you have feedback or would like to submit a support issue you can reach out to us directly or file it here.

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

More articles

Don’t break the chain – secure your supply chain today!