I love how #Chainguard Images continues to patch security issues before there is even a #CVE issued.
- #CVE-2023-38403 (#iperf3): Patched same day as announcement (8 days before CVE)
- #CVE-2023-3446 (#openssl): Patched same day as announcement
- #CVE-2023-38408 (#openssh): Patched same day as announcement
That's the beauty of automation and testing.
#openssh #openssl #iperf3 #cve #chainguard
Anyways, the last part of today's research dive was more #Docker.
The most interesting discovery was #distroless images. I was familiar with #Alpine #Linux, but I hadn't really stumbled across distroless yet. Specifically I noticed that #Envoy shipped a distroless image, but neglected to really explain it short of "it's faster and better".
Google's distroless project is limited to standalone application runners (Node, Java), but #ChainGuard has their #Wolfi images that cover more bases. ๐
#docker #distroless #alpine #linux #envoy #chainguard #wolfi
It absolutely blows me away how much smaller the #CVE surface area is for #Chainguard #Images versus the mainstream container images for popular opensource projects:
python: 647 vulns
cgr.dev/chainguard/python: 0
nginx: 78 vulns
cgr.dev/chainguard/nginx: 0
Now, granted many of these CVEs are worthless, but who wants to track and manage that kind of noise? Not me!
I'd also complain about the lack of #SBOMs in the upstream opensource projects, but the tooling still sucks there.
#SBOMs #images #chainguard #cve
New #Chainguard Academy tutorial up! Learn how to get started with the #Node @wolfi image in this step-by-step guide:
https://edu.chainguard.dev/chainguard/chainguard-images/reference/node/getting-started-node/
An event organized by @chainguard_dev at #CrowdCast about getting started to @wolfi and the tech stack #apko + #melange behind it is now available on #chainguard's YouTube channel ๐ Do not forget to watch it if you missed the event ๐ซ
https://www.youtube.com/watch?v=2pqhLXA6NaI
#crowdcast #apko #melange #chainguard
If you missed the Twitter space organized by @chainguard_dev about the #SoftwareSupplyChainSecurity Recap of 2022 and Predictions for 2023, don't worry, there is always been a recording ๐ฅณ
Don't forget to check #chainguard academy: https://edu.chainguard.dev
โซ https://twitter.com/i/spaces/1ynJOamPQnVKR?s=20
#softwaresupplychainsecurity #chainguard
Bike of the day.
At a train station in front of this overflowing bike rack in Joensuu, Finland stands an old, worn black bicycle with a shiny, silver, chain guard intricately styled.
#BikeOfTheDay #Finland #ChainGuard #MyPhto #Photography #Bicycles #Bike
#bikeoftheday #finland #chainguard #myphto #photography #bicycles #bike
Does anyone know if you can get chain guards for Kalkhoff bikes? #Kalkhoff #Chainguard #Help
I realized I didn't introduce myself here, so here goes my #introduction post ๐
I'm a software engineer (#PHP, some Ruby, shell) especially interested in #Linux, #devOps, and #technicalWriting . Currently working as Developer Experience Engineer at #Chainguard, previously DigitalOcean. Most of all, I am passionate about open source and about explaining complex things in a simple way.
On my free time I like to tinker with #3DPrinting, play games (#SteamDeck ๐) and spend time with my family.
#introduction #php #linux #devops #technicalwriting #chainguard #3dprinting #SteamDeck
I am in a Zwickmรผhle.
My static #Chainguard distroless #Docker image contains my #Golang app.
But my linters tell me to please use a non-root user in the Dockerfile.
What to do :D ?
@kelbot @robert588 @apiziali @darkstar@mastodon.nl @gemlog @pizza_pal@mastodon.social Near final repair done!! Added the #chainguard #bike #decal. Just need a #reflector.
#chainguard #bike #decal #reflector