People Listen to People, Not Brands

Of course, Chainguard is THE goto for base images, high quality software and a strong chain of custody. I can’t imagine people are still using alpine, there should be some more awareness towards image security!

Sure you’ve got scratch, ko for Go images and Google’s distroless for various other runtimes, but for truly streamlining it across polyglot repos is only possible with something like Wolfi if you want to achieve enterprise grade production, FedRamp FIPS compliance and with good SLAs.

This can only be achieved with Chainguard at least these days :-)

Another monthly vulnerability report to FedRAMP and DoD IL5 for our ATO Continuous Monitoring and another month with 0 FRICKING CVEs!

Who can top that?

I know no AI product that has 0 CVE in their entire stack.

Who even remotely competes with Ask Sage, Inc.? Nobody.

Thanks Chainguard for making this happen with us!

Guys. Chainguard is worth every penny.

I got to go on a date with my wife last night because I didn't have to remove CVEs from my container images.

This is huge. Finally a vendor that provides pre STIG'd images that both supports and maintains them. The overhead that companies incur for this work is massive. Often its duplicated across product teams for the same applications and containers.

This is way beyond what Ironbank does which is typically containers based on OS images. The surface area in these images are still huge simply due to the fact that the base image was designed for hardware and VMs. They're not stripped like container images should be. That burden still fell on the engineers who use those images.

No matter how much time we spend securing our codebase, and how much time I spend demoing and encouraging teams to use tooling like GitHub Advanced Security Code Scanning, we are still plagued by the underlying CVEs and vulnerabilities in the base docker images we use that impact our attack surface area! We seem to have gotten used to "living" with the identified CVEs in those images - I know I have... "not my problem" right? Sure, until you live the potential reality that exposure may bring! Very excited to learn about Chainguard's curated set of images (thanks to Levi Geinert for the tip). This looks pretty refreshing! https://lnkd.in/gskNjizA Are you using it? Are there other alternatives?

perfect timing as Zarf just added @chainguard_dev base images. Love what your doing and the value you are providing to the greater community.

Game changer? Not many reasons not to use @chainguard_dev images now.

Rockin 0 CVEs in my base images due to Chainguard and now got an awesome shirt to tell the world! Sure there’s other ways to achieve this, but the effort on my end is minimal and I don’t have to worry about the sources of the packages. I’m not normally one to boast about a specific vendor, but 🤯. #kubecon2023 #supplychainsecurity #vulnerabilities #easypeasy

My life feels so much more relaxed since I started using Chainguard images :-)‍

@chainguard_dev @adrianmouat #WTFisSRE

Chainguard really does look like it can transform the software supply chain for the greater good - just needs more eyes on it and commitment to adopt; I see almost no reason not to migrate services to these images; especially when there are like for like images available with what you need. Swapping a single line in your Dockerfile with a different source for your base image is all that is needed.

Putting #security and minimalism first -

I migrated Luminous Onion from a vulnerable base image to Chainguard's image built with #Wolfi dropping the vulnerabilities to a manageable 0 count! All with only 2 lines of code changed. Yes, it's really that easy!

Highly recommend checking out Chainguard images for your projects.

I really love what @chainguard_dev is doing with Wolfi. https://github.com/chainguard-dev/wolfi-os I'll definitely be using it for anything that doesn't work on scratch.

"Stop shifting left. Start left". Love that. #DevSecOps