When OpenSSL released security advisories for two vulnerabilities in November 2022, Chainguard released fixed images for every image that contained the vulnerable version of OpenSSL. Users of any Chainguard Image that depends on OpenSSL have one action to take: update to the latest image, and expect fixes to be applied and made available quickly.
Others are following suit: Tailscale, along with the open source projects TektonCD and ko, has started using Chainguard Images to mitigate vulnerabilities and minimize attack surface. Vietnam-based VPBank has gone further, adopting Chainguard solutions across its systems to root them in secure-by-default measures, according to Head of Technology Platform Tuan Anh Tran:
NTK About Chainguard Images
Chainguard Images is a collection of container images designed for minimalism and security. The collection includes images covering a wide range of use cases, including base images, compilers, runtimes and applications.
Chainguard constantly scans images for vulnerabilities and rebuilds with the latest security updates. As dependencies are rebuilt from source, we can quickly apply updates and release new images without waiting for updates to Linux distribution packages. Updates to packages are reflected in a security database, which is used by most major scanning products. The end result is a small, hardened container image with zero – or as close as possible – known CVEs.
Chainguard Images are built on Wolfi, our Linux (un)distribution, making the images minimal, secure-by-default, and up-to-date. They’re also based on glibc, making them compatible with most other applications and extensions.
Get started – and let us help
At Chainguard, we are committed to building high-quality, trustworthy base images. We focus on building secure software with the tooling needed to make remediation faster and more seamless, rooted in secure-by-default measures. When the next vulnerability affects another common dependency, you can trust Chainguard Images to show clearly when they are vulnerable and when they are not, and to apply security fixes quickly and make them available to you as soon as possible.
Chainguard Images are available for Bazel, curl, Git, Go, Jenkins, Postgres, Prometheus, and more. We have also recently added builds for Ruby 3.2 and Redis 7. Try out any of our Images today at github.com/chainguard-images, or get started with the documentation in Chainguard Academy. If you’re interested in support contracts, SLAs for vulnerabilities, FIPS-enabled images, or support for custom images or older versions, reach out to our team.