New year, new image: Introducing the Chainguard Images Directory
Today, we were named to Fortune Cyber 60 list. To celebrate, we are launching a new Chainguard Images Directory to help you find, browse, discover, and get started even faster using minimal, hardened images from Chainguard for all of your application needs.
With this enhanced experience, you can easily search what’s in our Chainguard Images inventory–both our Developer Images, which are free to use at the :latest version, and our Production Images, which are enterprise-ready images that come with patch SLAs and features such as Federal Information Processing Standard (FIPS).
We are also introducing our Security Advisories to help you find the latest information we have available for specific Common Vulnerabilities and Exposures (CVEs) in packages you are using with Chainguard Images. Having information about the vulnerabilities we are patching daily is critical for our users. The Security Advisories page is self-service, so you can easily view if Chainguard is aware of a specific vulnerability in your scan results and whether Chainguard has mitigated the CVE in a certain package version. One of the most important benefits our customers gain from using Chainguard Images is our low-to-zero known vulnerabilities commitment–now you can see for yourself the details of the specific vulnerabilities we mitigate.
Another benefit of Chainguard Images is daily updates to ensure users are receiving continuous security patches and are using the most up-to-date image versions. To make it easier for all users of our free Chainguard Developer Images, we are releasing a new tool called digestabot. Digestabot, a free GitHub Action, provides you with a hassle-free way to keep your images current.
Read on to learn more about the new Chainguard Images Directory and features.
Exploring the Chainguard Images Directory
Chainguard maintains a growing registry of nearly 500 minimal, hardened container images with low-to-zero known CVEs. Our new Chainguard Images Directory is designed to help you find the right Images for your needs and get started right away using them in your environments. You can search, filter, and learn more about all Images in our inventory at images.chainguard.dev.
The new Chainguard Images Directory experience also provides detailed provenance information about each of our Images, including docker pull commands, all available tags and variants, and information about verifying our Images' signatures, Software Bill of Materials (SBOMs), and Supply chain Levels for Software Artifacts (SLSA) provenance.
Chainguard Developer Images are available for free on the :latest and :latest-dev tags for you to use in your development and test environments. Within the new Directory, each Images page also includes important image-specific details such as version tags and other variants like FIPS and Long Term Support (LTS), which are available to our Chainguard Images customers who have purchased these solutions.
Within the new Chainguard Images Directory, you can create a Chainguard account, which gives you the added opportunity to be notified about critical lifecycle events for the Chainguard Images you are using, such as End-of-Life (EOL) notices, major version changes, and important vulnerability patches. A Chainguard account also provides access to our API and Eventing framework, so you can easily integrate Chainguard Images directly into your development workflows.
Our Chainguard Images inventory is constantly growing. If you are looking for a specific image you don't see in the Directory, reach out to our team.
CVE details at your fingertips
We maintain our Chainguard Images daily with the latest updates, but sometimes our users and customers see some results for vulnerabilities from their scanning tools (see which scanners support Chainguard Images). When this happens, it’s critical for users and customers to understand that Chainguard is aware of these vulnerabilities and addressing them with the information we have available.
Our Security Advisories page is a self-serve portal you can use to find the latest information about CVEs, including when the CVE was detected, the current CVE remediation status in a specific Chainguard Image package, and the version of the software it’s fixed in. You can search for a specific CVE ID or filter down to only the software packages that are in your organization’s Chainguard Images.
A detailed page for each vulnerability lists every affected package, the status, and the fixed version, so you know exactly which version you need to upgrade to in order to mitigate the risk of that vulnerability in your environment.
Stay up to date with digestabot
We update our free, Developer Images on a daily basis to prevent the accumulation of new vulnerabilities. Keeping your Images current is crucial to leverage these vital security updates. We know that this can be hard work, so we’re releasing digestabot, a GitHub Action designed to automatically initiate a pull request whenever one of your Developer Images requires an update. First developed as an in-house tool to streamline our own update procedures, digestabot is now available to assist you in optimizing the utilization of our free, Developer Images.
Search, pull, build
Ring in the New Year with a resolution of using secure-by-default software. Our new Chainguard Images Directory is like a New Year’s party for your tech stack — making it simpler than ever to kickstart your journey with Chainguard Images and bid adieu to CVEs. Dive into your new era by searching, pulling, and building with Chainguard Images. Check us out at images.chainguard.dev and let the Security Advisories page and digestabot be your guides to daily image updates, patches, and important CVE insights. And when you’re ready to elevate your resolution, our Production Images with enterprise-ready features await. Contact our team to discover how we can be the confetti to your compliance parade.If you are looking to spread some holiday cheer, drop us a review on G2. The first 10 reviews will receive a special swag pack from Chainguard.
Ready to Lock Down Your Supply Chain?
Talk to our customer obsessed, community-driven team.