In May 2023, we announced a 90-day notice for changes coming to our Chainguard Images public catalog. If you are currently using Images in the public catalog, please review these important changes that will begin rolling out today, August 16.
What’s changing starting today?
We’ve released helpful how-to guides, video tutorials and best practices for public catalog users of Chainguard Images navigating these changes:
Reminders about authentication
In our previous announcement about these changes, we also provided updates encouraging users to pull Public Chainguard Images by authenticating to the Chainguard Registry. Users can continue to pull :latest images anonymously, but will need to authenticate in order for us to provide notifications of version updates, breaking changes, or critical security updates.
To set up an account for authenticated access to Chainguard Images, follow these steps:
We also provide a number of options for authenticating, including integrated support for GitHub Actions and several other CI systems, pulling from Kubernetes, and even setting up federation using your organization's OIDC provider. See here for more information.
Logging in to access Chainguard Images in the public catalog is optional, but it will be the primary mechanism we will use to notify users of upcoming changes moving forward. Logging in will also give users access to browse our Images in the Chainguard platform.
Why are you making these changes now?
Since we introduced Chainguard Images just over a year ago, we’ve seen developer and security teams benefit from their hardened security posture, reduced attack surface and daily version updates that help save time spent patching CVEs to focus on business priorities and innovation. In fact, recent research from Chainguard Labs found that popular container images, when not updated, accumulate one known vulnerability per day. Ultimately, not updating your base images can mean more vulnerabilities in the long run, introducing significant security costs.
If you're interested in our paid Chainguard Images catalogs, reach out to our team for more information. Our Images inventory is always expanding and if you need something you don’t see listed in our catalog, we can build custom bundles or single-custom images.
If you find that today’s changes impact how you are using the Chainguard Images public catalog, please reach out to our team and we will work with you to ensure a smooth transition. If you are an open source project and are interested in using Chainguard Images, we would love to discuss how we can support you and your project needs. You can also sign up for our weekly Chainguard Images office hours with our team during AMER and EMEA hours to ask questions, see demos, learn best practices and more.
Our goal is to continue to build upon our secure baseline foundation with Chainguard Images and offer even more value to our users as they look for developer-first tools that secure the software supply chain by default. Stay tuned for more news soon for enterprises and open source projects that want to benefit from the Chainguard Images ecosystem, including upcoming announcements for our Registry and Wolfi.