People Listen to People, Not Brands
Here are real developers and security professionals who are fans of Chainguard Images!
While I typically shy away from commercial tools, Chainguard (https://lnkd.in/eYRdZjPr) is a game-changer for FedRAMP compliance. When it comes to tackling the beast of secure Docker images, these folks are the heavy lifters you need in your corner. For anyone wrestling with FedRAMP, Chainguard isn't just a nice-to-have – it's your secret weapon. They make the impossible possible in managing truly secure Docker images. Don't even think about FedRAMP without putting Chainguard on your shortlist!
#CloudComputing #DevOps #Kubernetes #FedRAMP #CICD #InfrastructureAsCode #Monitoring #Logging #Containers #SecOps #CloudSolutions #FinOps
Disclaimer: I have no affiliation with this company whatsoever.
It has been amazing to work with Chainguard, I never would have believed that getting to a 0 CVE image would be so easy (heck, I wouldn't have believed it was even possible) before we introduced Chainguard into our workflow.
This is also the most epic Testimonial video I have ever seen, I sound at least 100% smarter than normal.
Did I mention that FilterBox uses @chainguard_dev images so it’s secure af (that’s a technical term)
We adopted Chainguard stack (melange/apko/images) at work and everyone has been super happy since. We wrote a tiny bit to automate image digest updates when we rebuild the base images.
As the name suggests these images are designed for security and reduce your attack surface.
I know @chainguard_dev images aren't magic, but hard work.. but it's the closest thing to a magic wand for CVEs I've seen
That one is even better 🥳 #rejekts2023 basically you are screwed unless you use @chainguard_dev 🤗
I recently gave the cgr.dev/chainguard/nginx container image a try, here are my learnings! Towards having more secure container images!
😍
#containersecurity #kubernetessecurity #chainguard #wolfi #nginx #alpine
Minimal Wolfi-based nginx HTTP, reverse proxy, mail proxy, and a generic TCP/UDP proxy server.
Now it's time for the Container image. I default nowadays to using @chainguard images with multi-stage builds for python. these base images are not only lightweight but don't have the vulns
And I sign them with @projectsigstore cosign before pushing it to container registry
I really love what @chainguard_dev is doing with Wolfi. https://github.com/chainguard-dev/wolfi-os I'll definitely be using it for anything that doesn't work on scratch.
We've begun using more @chainguard_dev images internally. They have zero CVEs 🤯. We recently learned our air gap tool http://Zarf.dev is now available in @wolfi_os. This is one of the many reasons we love the open source community. We can all get better together!
Of course, Chainguard is THE goto for base images, high quality software and a strong chain of custody. I can’t imagine people are still using alpine, there should be some more awareness towards image security!
Sure you’ve got scratch, ko for Go images and Google’s distroless for various other runtimes, but for truly streamlining it across polyglot repos is only possible with something like Wolfi if you want to achieve enterprise grade production, FedRamp FIPS compliance and with good SLAs.
This can only be achieved with Chainguard at least these days :-)
Another monthly vulnerability report to FedRAMP and DoD IL5 for our ATO Continuous Monitoring and another month with 0 FRICKING CVEs!
Who can top that?
I know no AI product that has 0 CVE in their entire stack.
Who even remotely competes with Ask Sage, Inc.? Nobody.
Thanks Chainguard for making this happen with us!
Guys. Chainguard is worth every penny.
I got to go on a date with my wife last night because I didn't have to remove CVEs from my container images.
This is huge. Finally a vendor that provides pre STIG'd images that both supports and maintains them. The overhead that companies incur for this work is massive. Often its duplicated across product teams for the same applications and containers.
This is way beyond what Ironbank does which is typically containers based on OS images. The surface area in these images are still huge simply due to the fact that the base image was designed for hardware and VMs. They're not stripped like container images should be. That burden still fell on the engineers who use those images.
No matter how much time we spend securing our codebase, and how much time I spend demoing and encouraging teams to use tooling like GitHub Advanced Security Code Scanning, we are still plagued by the underlying CVEs and vulnerabilities in the base docker images we use that impact our attack surface area! We seem to have gotten used to "living" with the identified CVEs in those images - I know I have... "not my problem" right? Sure, until you live the potential reality that exposure may bring! Very excited to learn about Chainguard's curated set of images (thanks to Levi Geinert for the tip). This looks pretty refreshing! https://lnkd.in/gskNjizA Are you using it? Are there other alternatives?
perfect timing as Zarf just added @chainguard_dev base images. Love what your doing and the value you are providing to the greater community.
Rockin 0 CVEs in my base images due to Chainguard and now got an awesome shirt to tell the world! Sure there’s other ways to achieve this, but the effort on my end is minimal and I don’t have to worry about the sources of the packages. I’m not normally one to boast about a specific vendor, but 🤯. #kubecon2023 #supplychainsecurity #vulnerabilities #easypeasy
Reach Inbox Zero for CVEs
Offload vulnerability management with our minimal images and eliminate CVEs daily.
Chainguard really does look like it can transform the software supply chain for the greater good - just needs more eyes on it and commitment to adopt; I see almost no reason not to migrate services to these images; especially when there are like for like images available with what you need. Swapping a single line in your Dockerfile with a different source for your base image is all that is needed.
Putting #security and minimalism first -
I migrated Luminous Onion from a vulnerable base image to Chainguard's image built with #Wolfi dropping the vulnerabilities to a manageable 0 count! All with only 2 lines of code changed. Yes, it's really that easy!
Highly recommend checking out Chainguard images for your projects.
See what our customers are saying on G2:
Awards and Accolades
We're leaders in the container security category on G2 overall, for enterprise and for small businesses!