Chainguard keeps a fresh copy of most open source projects. With that source, we are able to declaratively rebuild container images every day.
However, we don’t just keep a direct copy of the project’s releases — after all many projects don’t publish source directly — but binaries, helm charts, or any other packaging format.
We keep a copy of the source code divided up into composable building blocks. Packages. Almost 2,000 of them compose our distro called Wolfi. Wolfi, the name we give to this set of packages and the tools to build them, is able to package container images with any new release published in GitHub in less than 24 hours.
Having a composable copy of the source code allows us to understand the ins and outs of it. We can, as we seek to do, proactively look for vulnerabilities and bloat throughout the packages and all of its dependencies. And that is exactly what we do.
Chainguard is the safe for open source precisely because we’ve built a container image toolchain from the ground up with security embedded everywhere, and it’s faster than any other distro to propagate patched updates to our customers. And we are only getting faster and faster.
Which Chainguard Images did we release in February? Selenium and then some.
Selenium is everywhere. Selenium's significance in the software development and testing arena cannot be overstated.
Since its inception by Thoughtworks in 2004, Selenium has evolved from a simple JavaScript-based testing framework into a comprehensive suite that supports various programming languages including PHP, Python, Ruby, .NET, Perl, and Java.
It was famously used at Google under the concept of a "Selenium Farm" with which developers could leverage this private cloud to test their applications extensively, ensuring high quality and optimal performance.
This evolution has greatly expanded Selenium's accessibility and utility to developers across different technology stacks, making it a versatile tool for web application testing.
Its ability to facilitate cross-browser and cross-platform testing is particularly noteworthy. This ability to execute parallel tests across various environments not only accelerates the development cycle, but also enhances the reliability and robustness of web applications.
We are remarkably proud of releasing Selenium in a CVE-free, minimal container image.
Selenium’s image
Chainguard’s Selenium Image
Note first the difference in size. But what truly stands out most is the difference in vulnerabilities reported by Grype.
Vulnerabilities in testing frameworks like Selenium highlight the need for secure development practices, regular security assessments, and prompt patching of known vulnerabilities to mitigate risks. Exploiting vulnerabilities in Selenium or its infrastructure can lead to multiple negative outcomes. It’s a critical piece of software development practices that tends to be overlooked.
There have been reported cases of notorious exploitation of Selenium vulnerabilities. One such case involved a Remote Code Execution vulnerability in Selenium 3.141.59, specifically affecting Firefox. Other cases involve instances where Selenium WebDriver was used to exploit Cross-Site Scripting vulnerabilities on websites.
Additional Chainguard Images released in February
Apart from hardening Selenium and providing a secure way of using it in a container runtime, the Chainguard team has been busy securing other super popular cloud native projects like:
- Argocd and ArgoCD FIPS
- Cassandra Medusa and Cassandra Medusa FIPS
- Cassandra Reaper
- Dex and Dex FIPS
- Selenium
- Filebeat
- Kafka
- Keda adapter and Keda adapter FIPS
- Keda and Keda FIPS
- Logstash with opensearch
- Logstash exporter
- Minio and Minio FIPS
- Opensearch
- RabbitMQ and RabbitMQ FIPS
- Traefik and Traefik FIPS
- Gotenberg
- sigstore-policy-controller-fips
You can see in the images below that ArgoCD’s official image (top) has many vulnerabilities while Chainguard’s version (bottom) has none:
ArgoCD’s image
Chainguard’s ArgoCD Image
You can try out this comparison yourself for the other images we recently introduced. If you try it out and like what you see feel free to post the results.
Chainguard Images are here to fortify your security while keeping your devs at speed. The software bundled in these Chainguard Images solve for innovation use cases in myriads of cloud native companies, and get your development and security folks working smarter on what really matters in your business.
If you want to know more, contact us and let's chat about strengthening your container security game with Chainguard Images!
