
Tired of searching through your scan results? Try the Chainguard OpenSearch Image

Dan Lorenc, CEO

Today, we’re excited to announce a new Chainguard Image for OpenSearch. The OpenSearch project is an Apache 2.0-licensed project for data search, visualization and analysis. The project is growing rapidly, and is used as part of many containerized deployments. The Chainguard OpenSearch Image is built on Wolfi, using Chainguard’s own hardened Java toolchain and runtime.

As always, the binaries in our Images are built from source and come with comprehensive SBOMs from the start. These SBOMs contain the package metadata for everything in the Image and can be used for vulnerability scanning or license compliance. You can download the SBOMs for these containers with cosign:

$ cosign download sbom --platform=linux/amd64 cgr.dev/chainguard/opensearch
Found SBOM of media type: text/spdx+json
{
  "SPDXID": "SPDXRef-DOCUMENT",
  "name": "sbom-sha256:dd9cd094704555208c7d38f52214cc8f3241f376f120d451537d343517e00750",
  "spdxVersion": "SPDX-2.3",
  "creationInfo": {
    "created": "2023-04-02T00:28:43Z",
    "creators": [
      "Tool: apko (v0.7.3-4-gb7375dc)",
      "Organization: Chainguard, Inc"
    ],
    "licenseListVersion": "3.16"
  },
  "dataLicense": "CC0-1.0",
  "documentNamespace": "https://spdx.org/spdxdocs/apko/",
  "documentDescribes": [
    "SPDXRef-Package-sha256-2add1a6d23719923419c77888885b5985ce71b77573f90b97eeb3eead72768b6"
  ],
  "files": [
    {
      "SPDXID": "SPDXRef-File--usr-lib-locale-C.utf8-LCC95ADDRESS",
      "fileName": "/usr/lib/locale/C.utf8/LC_ADDRESS",
      "licenseConcluded": "NOASSERTION",
      "checksums": [
        {
          "algorithm": "SHA1",
          "checksumValue": "12d0e0600557e0dcb3c64e56894b81230e2eaa72"
        },
        {
          "algorithm": "SHA256",
          "checksumValue": "26e2800affab801cb36d4ff9625a95c3abceeda2b6553a7aecd0cfcf34c98099"
        },
        {
          "algorithm": "SHA512",
          "checksumValue": "d38b225e8204e1e85e6c631481f46d0b8fca8cf8d8dfc290f00adb15b605959f91f0d55dc830fdd82c22f916140090928e44f1b5123facac135705cc81df00b0"
        }
      ]
    },
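
One way to use the downloaded SBOM, as an added example that is not Chainguard's code: this Python example checks the files of an extracted image root filesystem against the SHA256 values in the SPDX "files" array shown above, and groups packages by declared license. The function names, the rootfs directory and all sample values are assumptions; "packages", "name" and "licenseDeclared" are standard SPDX 2.3 JSON fields that the excerpt above cuts off before reaching.

```python
import hashlib
import tempfile
from pathlib import Path

def audit_files(sbom: dict, rootfs: Path) -> dict:
    """Compare every SBOM "files" entry with the file found under rootfs."""
    report = {"ok": [], "mismatch": [], "missing": [], "unchecked": []}
    for entry in sbom.get("files", []):
        name = entry["fileName"]
        sums = {c["algorithm"]: c["checksumValue"] for c in entry.get("checksums", [])}
        target = rootfs / name.lstrip("/")
        if "SHA256" not in sums or ".." in Path(name).parts:
            report["unchecked"].append(name)  # no usable digest, or unsafe path
        elif not target.is_file():
            report["missing"].append(name)  # listed in the SBOM, absent on disk
        elif hashlib.sha256(target.read_bytes()).hexdigest() == sums["SHA256"].lower():
            report["ok"].append(name)
        else:
            report["mismatch"].append(name)  # content differs from what was built
    return report

def license_inventory(sbom: dict) -> dict:
    """Group package names by declared license for a compliance review."""
    by_license = {}
    for pkg in sbom.get("packages", []):
        lic = pkg.get("licenseDeclared", "NOASSERTION")
        by_license.setdefault(lic, []).append(pkg["name"])
    return by_license

def demo() -> tuple:
    # Constructed SBOM fragment and throwaway rootfs; not data from the real image.
    def entry(name, data):  # SPDX file entry in the shape shown in the excerpt
        digest = hashlib.sha256(data).hexdigest()
        return {"fileName": name, "checksums": [{"algorithm": "SHA256", "checksumValue": digest}]}
    sbom = {
        "files": [entry("/etc/good.conf", b"a=1\n"), entry("/etc/changed.conf", b"a=1\n"),
                  entry("/etc/gone.conf", b"x"), {"fileName": "/etc/nosum.conf"}],
        "packages": [{"name": "pkg-a", "licenseDeclared": "Apache-2.0"},
                     {"name": "pkg-b", "licenseDeclared": "Apache-2.0"}, {"name": "pkg-c"}],
    }
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc/good.conf").write_bytes(b"a=1\n")
        (root / "etc/changed.conf").write_bytes(b"a=2\n")  # drifted from the SBOM
        return audit_files(sbom, root), license_inventory(sbom)

if __name__ == "__main__":
    print(demo())
```

For a real image, load the cosign output with json.load and point rootfs at a directory where the image filesystem has been extracted.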

By building our OpenSearch Image on Wolfi, we’re able to keep it small and continuously patched. Our Image is less than 25% of the size of the alternative image and has significantly fewer CVEs. See the results for yourself:

Image of bar graph comparing Chainguard Images (smaller and safer) and OpenSearch images.

If you want to see upwards of a 25% reduction in your OpenSearch Image sizes with more security built in by default, start using Chainguard’s OpenSearch Image today at github.com/chainguard-images, or get started with the documentation in Chainguard Academy. Chainguard Images are now available for Bazel, curl, Git, Go, Jenkins, Postgres, Ruby and more. We currently offer our public Chainguard Images catalog at no cost to users, which includes features like SBOMs, signatures and SLSA Build Level 2 provenance information. If your organization requires patching SLAs, older version support or Images for compliance requirements, we offer Standard and Custom subscription tiers. Contact our team to learn more.

We are always looking for ways to improve our end user experience. If you have feedback or would like to submit a support issue, you can reach out to us directly or file it here.

Update on our Chainguard Images Catalog: On August 16, 2023, we will be making changes to how Chainguard Image tags are pulled. Please see this announcement for further details about accessing our free, public Image catalog.
