Changes to static, Git, and BusyBox Developer Images
We’re making changes to the static, git, and BusyBox Chainguard Developer Images to improve the security posture of these Images. For most users, these changes will have no effect and require no changes. The affected images are:
cgr.dev/chainguard/static:latestcgr.dev/chainguard/git:latest, cgr.dev/chainguard/git:latest-root, cgr.dev/chainguard/git:latest-dev, and cgr.dev/chainguard/git:latest-root-devcgr.dev/chainguard/busybox:latest
The change we are making is to move these images from an Alpine Linux base to a Wolfi base on July 15, 2024. Going forward, all images on cgr.dev will be Wolfi-based.
The Wolfi-based images are available now for people to test and verify there are no breakages. The following tables list the images that are changing on the left, and the equivalent Wolfi images on the right. From July 15, these tags will point to the same images.
For the Chainguard Registry cgr.dev:
CURRENT ALPINE-BASED IMAGE (CHANGING ON JULY 15 TO WOLFI-BASED) | WOLFI EQUIVALENT IMAGE |
|
|
|
|
|
|
|
|
|
|
|
|
And for the Docker Hub Registry:
CURRENT ALPINE-BASED IMAGE (CHANGING ON JULY 15) | WOLFI EQUIVALENT IMAGE |
|
|
|
|
|
|
|
|
|
|
|
|
For the vast majority of users, this change should have no impact on how you are using Chainguard Images. If you are using the Git, static, or BusyBox images, we recommend you confirm that your software is not impacted by swapping out and testing the relevant Wolfi-based image prior to the change.
What’s changing?
If you use an architecture that isn't supported by Wolfi, these changes will impact you. Wolfi-base images are only built for arm64/aarch64 and x86_64/amd64. It is also possible that some users may be relying on Alpine specific behavior or copying binaries compiled against Alpine dependencies into images. This won't be the case for the vast majority of users, but please make sure to test the new images, especially if you are doing anything unconventional with your use case.
After the change on July 15, 2024, both tags will point to the same, Wolfi-based image. As the tags in the right-hand column of the above tables will continue to exist after the change, you can update your tags now and leave them.
While the best option for most people will be to move to Wolfi-based Chainguard Developer Images, we have made available some Alpine-based images on the ghcr.io registry. If you face issues with an unsupported architecture or an unexpected issue with the Wolfi-based images, these images may be the right solution for you at this time.
ALPINE-BASED IMAGES |
|
|
|
|
Please note that while we intend for ghcr.io images to be available long-term, they will be updated using commercially reasonable efforts, and will not receive monitoring and will not be synced to Docker Hub.
Why are you making these changes?
When we first started building Chainguard Images, we experimented with Alpine Linux as a base, before developing our own Wolfi Linux distribution. We now have over 650 images available in our Images Directory and nearly all of them are based on Wolfi. Providing a consistent experience for our users that is built on Wolfi is our priority going forward.
After this change on July 15, 2024, if you're on cgr.dev/chainguard or docker.io/chainguard, you will be using a Wolfi-based Chainguard Image. Providing all Images on the Wolfi Linux distribution, which we created here at Chainguard, allows us to have greater control over the security and quality of packages that are used in Chainguard Images. This enables us to mitigate CVEs that occur in Wolfi packages quickly and effectively, so that we don’t need to rely on releases or updates from third parties like the Alpine Linux distribution.
If you are an existing Chainguard Images customer and believe you are impacted by these changes, please reach out to Chainguard Support. If you are a free Developer tier user, please open an issue on the images repository if you run into problems migrating. We offer Migration Guides on Chainguard Academy that include an Alpine compatibility reference for migrating to Wolfi.
Share this article
Related articles
- News
Chainguard Joins IBM PDE Factory to Advance Trusted Open Source Software for Public Sector Missions
Chainguard joins IBM’s PDE Factory to deliver secure, zero-CVE containers for government agencies, accelerating compliance, modernization, and innovation.
Tom White, Senior Director, Public Sector Partnerships
- News
Chainguard + Booz Allen: Delivering Trusted Open-Source Software to U.S. Government Agencies
Chainguard and Booz Allen partner to help federal programs eliminate vulnerabilities, save engineering time, and accelerate compliance timelines.
Tom White, Senior Director, Public Sector Partners
- News
Chainguard Named on the Cloud 100 and a Best Workplace in 2025
Chainguard has been recognized by the Forbes Cloud 100, Fortune Best Workplaces in Technology, and received a Great Place to Work certification.
Liz Egan, Chief Marketing Officer
- News
The Chainguard Slack Community is Here!
Chainguard has created a Slack community to foster a direct connection with the team, engage with your peers, and get the latest updates on Chainguard news.
Kirby Koo, Corporate Marketing
- News
Exploring the Chainguarden at Black Hat USA 2025
See what Chainguard was up to at Black Hat USA 2025, from a garden-themed booth to several engaging activations with organizations like Vanta and Orca Security.
Courtney Bennett, Director, Strategic Events
- News
Scaling Trust Through Partnership: Introducing the Chainguard Partner Program
The Chainguard Partner Program is a global initiative to empower our channel partners to deliver trusted open source software to customers around the world.
Dirk de Vos, Senior Partner Manager, Mat Thomas, Senior Partner Manager, Rob Baumhardt, Senior Director, Channels, and Rob Finn, VP of International Sales