From 1e2de8721a253f1e391fa3a996b1d331f0c8e9a8 Mon Sep 17 00:00:00 2001 From: Mark Drake Date: Fri, 29 Mar 2024 15:28:41 -0700 Subject: [PATCH 1/2] Updating Images Overview + adding Wolfi package context Signed-off-by: Mark Drake --- content/chainguard/chainguard-images/faq.md | 4 +- .../how-to-use-chainguard-images.md | 11 +++- .../chainguard/chainguard-images/overview.md | 53 ++++++++++++++----- .../recommended-practices/cve-risk.md | 4 +- .../chainguard/chainguard-images/versions.md | 4 +- 5 files changed, 58 insertions(+), 18 deletions(-) diff --git a/content/chainguard/chainguard-images/faq.md b/content/chainguard/chainguard-images/faq.md index 1d705727bf..3a360d97f6 100644 --- a/content/chainguard/chainguard-images/faq.md +++ b/content/chainguard/chainguard-images/faq.md @@ -4,7 +4,7 @@ linktitle: "FAQs" type: "article" description: "Frequently asked questions about Chainguard Images" date: 2022-09-01T08:49:31+00:00 -lastmod: 2024-03-08T08:49:31+00:00 +lastmod: 2024-03-29T08:49:31+00:00 draft: false tags: ["Chainguard Images", "FAQ", "Product"] images: [] @@ -72,7 +72,7 @@ Chainguard Images only contain packages that come from the [Wolfi Project](https Starting in March of 2024, Chainguard will maintain one version of each Wolfi package at a time. These will track the latest version of the upstream software in the package. Chainguard will end patch support for previous versions of packages in Wolfi. Existing packages will not be removed from Wolfi and you may continue to use them, but be aware that older packages will no longer be updated and will accrue vulnerabilities over time. The tools we use to build packages and images remain freely available and open source in Wolfi. -This change ensures that Chainguard can provide the most up-to-date patches to all packages for our Images customers. Note that specific package versions can be made available in Production Images. If you have a request for a specific package version, please [contact support](https://support.chainguard.dev/hc/en-us). +This change ensures that Chainguard can provide the most up-to-date patches to all packages for our Images customers. Note that specific package versions can be made available in Production Images. If you have a request for a specific package version, please [contact support](https://support.chainguard.dev?utm=docs). ## What does Chainguard do when a CVE is published, but a patch is not available from the owner of the OSS code? Chainguard investigates the CVE and marks relevant images as affected or not. If Chainguard can identify a patch that's unreleased, Chainguard may apply a patch before it lands upstream. In either case, when the patch lands upstream, Chainguard picks it up and rolls it out. diff --git a/content/chainguard/chainguard-images/how-to-use-chainguard-images.md b/content/chainguard/chainguard-images/how-to-use-chainguard-images.md index e99fddc707..96cded8b94 100644 --- a/content/chainguard/chainguard-images/how-to-use-chainguard-images.md +++ b/content/chainguard/chainguard-images/how-to-use-chainguard-images.md @@ -5,7 +5,7 @@ type: "article" description: "A primer on how to migrate to Chainguard Images" lead: "A primer on how to migrate to Chainguard Images" date: 2022-09-01T08:49:31+00:00 -lastmod: 2024-03-22T19:42:31+00:00 +lastmod: 2024-03-29T19:42:31+00:00 draft: false tags: ["Chainguard Images", "Procedural", "Product"] images: [] @@ -193,3 +193,12 @@ You should get output like this, with a random piece of advice: ``` Check also the [Wolfi Images with Dockerfiles](/open-source/wolfi/wolfi-with-dockerfiles/) guide for more examples using Wolfi-based images with Dockerfiles, and the [Getting Started with Distroless](/chainguard/chainguard-images/getting-started-distroless/) guide for more details about distroless images and how to use them in Docker multi-stage builds. + + +## A Note regarding package availability in Chainguard Images + +Chainguard Images only contain packages that come from the [Wolfi Project](https://github.com/wolfi-dev) or those that are built and maintained internally by Chainguard. + +Starting in March of 2024, Chainguard will maintain one version of each Wolfi package at a time. These will track the latest version of the upstream software in the package. Chainguard will end patch support for previous versions of packages in Wolfi. Existing packages will not be removed from Wolfi and you may continue to use them, but be aware that older packages will no longer be updated and will accrue vulnerabilities over time. The tools we use to build packages and images remain freely available and open source in Wolfi. + +This change ensures that Chainguard can provide the most up-to-date patches to all packages for our Images customers. Note that specific package versions can be made available in Production Images. If you have a request for a specific package version, please [contact support](https://support.chainguard.dev?utm=docs). diff --git a/content/chainguard/chainguard-images/overview.md b/content/chainguard/chainguard-images/overview.md index d37383af59..8347523511 100644 --- a/content/chainguard/chainguard-images/overview.md +++ b/content/chainguard/chainguard-images/overview.md @@ -5,7 +5,7 @@ type: "article" description: "Chainguard Images Overview" lead: "A primer on Chainguard Images and the distroless approach" date: 2022-09-01T08:49:31+00:00 -lastmod: 2023-03-22T08:49:31+00:00 +lastmod: 2024-03-29T08:49:31+00:00 draft: false tags: ["Chainguard Images", "Product", "Overview"] images: [] @@ -16,26 +16,52 @@ weight: 010 toc: true --- -[Chainguard Images](https://www.chainguard.dev/chainguard-images?utm_source=docs) is a collection of container images designed for security and minimalism. +[Chainguard Images](https://www.chainguard.dev/chainguard-images?utm_source=docs) are a collection of container images designed for security and minimalism. -Many of the images are distroless; they contain only an application and its runtime dependencies. These images do not even contain a shell or package manager. +Many Chainguard Images are distroless; they contain only an open-source application and its runtime dependencies. These images do not even contain a shell or package manager. Chainguard Images are built with [Wolfi](/open-source/wolfi/overview), our Linux _undistro_ designed from the ground up to produce container images that meet the requirements of a secure software supply chain. -Chainguard Images are built with [Wolfi](/open-source/wolfi/overview), our Linux _undistro_ designed from the ground up to produce container images that meet the requirements of a secure software supply chain. +The main features of Chainguard Images include: -Main features include: - -- Minimalist design, no bloating from unnecessary software -- High quality build-time SBOMs (software bill of materials) attesting the provenance of all artifacts within the image -- Verifiable signatures provided by [Sigstore](/open-source/sigstore/cosign/an-introduction-to-cosign/) -- Automated nightly builds to ensure images are completely up-to-date and contain all available security patches +- Minimalist design, with no unnecessary software bloat +- Automated nightly builds to ensure Images are completely up-to-date and contain all available security patches +- [High quality build-time SBOMs](/chainguard/chainguard-images/images-features/retrieve-image-sboms/) (software bill of materials) attesting the provenance of all artifacts within the Image +- [Verifiable signatures](/chainguard/chainguard-images/images-features/retrieve-image-sboms/) provided by [Sigstore](/open-source/sigstore/cosign/an-introduction-to-cosign/) - Reproducible builds with Cosign and apko ([read more about reproducibility](https://www.chainguard.dev/unchained/reproducing-chainguards-reproducible-image-builds)) -Chainguard Images are available from the [Chainguard Registry](/chainguard/chainguard-images/registry/overview/) and can be pulled from `cgr.dev`. You can review images files [on GitHub](https://github.com/chainguard-images). +Chainguard Images are available from the [Chainguard Registry](/chainguard/chainguard-images/registry/overview/) and can be pulled from `cgr.dev`. You can review images files [on GitHub](https://github.com/chainguard-images) and can find complete lists of available Chainguard Images in the [public Images Directory](https://images.chainguard.dev/) or within the [Chainguard Console](https://console.enforce.dev/). + + +## Why Minimal container images + +The fewer dependencies a given piece of software uses, the lower likelihood that it will be impacted by CVEs. By minimizing the number of dependencies and thus reducing their potential attack surface, Chainguard Images inherently contain few to zero CVEs. Chainguard Images are rebuilt nightly to ensure they are completely up-to-date and contain all available security patches. With this nightly build approach, our engineering team sometimes fixes vulnerabilities before they’re detected. + +Note that there is often a `-dev` variant of each Chainguard Image available. For example, the `-dev` variant of the `mariadb:latest` Image is `mariadb:latest-dev`. These images typically contain a shell and tools like a package manager to allow users to more easily debug and modify the image. + ## Why Distroless [Distroless images](/chainguard/chainguard-images/getting-started-distroless/) are the result of pushing minimalism in containers to the next level. When compared to traditional base images such as [Alpine](https://hub.docker.com/_/alpine) or [Debian](https://hub.docker.com/_/debian), they are more stripped back, lacking even a shell or package managers. However, compared to the empty “scratch” image, they do contain structure essential for the majority of Linux applications such as root certificates for TLS and core files like `/etc/passwd`. +[Wolfi](https://github.com/wolfi-dev) is a community Linux distribution designed by Chainguard for the container and cloud-native era. Chainguard started the Wolfi project to enable building Chainguard Images, which required a Linux distribution with components at the appropriate granularity and with support for [glibc](https://www.gnu.org/software/libc/). + +### A Note about Wolfi packages + +Chainguard Images only contain packages that come from the Wolfi Project or those that are built and maintained internally by Chainguard. Starting in March of 2024, Chainguard will maintain one version of each Wolfi package at a time. These will track the latest version of the upstream software in the package. Chainguard will end patch support for previous versions of packages in Wolfi. Existing packages will not be removed from Wolfi and you may continue to use them, but be aware that older packages will no longer be updated and will accrue vulnerabilities over time. The tools we use to build packages and images remain freely available and open source in Wolfi. + +This change ensures that Chainguard can provide the most up-to-date patches to all packages for our Images customers. Note that specific package versions can be made available in Production Images. If you have a request for a specific package version, please [contact support](https://support.chainguard.dev?utm=docs). + + +## Production and Developer Images + +There are two different tracks of Chainguard Images: Production Images and Developer Images. Developer Images are publicly available and free to use by anyone. Developer Images always represent images tagged with `:latest` or `:latest-dev`. + +Production Images are enterprise-ready images that come with patch SLAs and features such as [Federal Information Processing Standard (FIPS) readiness](/chainguard/chainguard-images/images-features/fips-images/) and [unique time stamped tags](/chainguard/chainguard-images/images-features/unique-tags/). There are also specific major and minor versions of open source software available as Production Images. + +You can access Images directly from the [Chainguard Registry](/chainguard/chainguard-registry/overview/). The Chainguard Registry provides public access to all public Chainguard Images, and provides customer access for Production Images after logging in and authenticating. + +You can find complete lists of all the Developer and Production Images available to you in [the Chainguard Console](https://console.enforce.dev/). After logging in you will be able to find all the current Developer Images in the **Public images** tab. If you've selected an appropriate Organization in the drop-down menu above the left hand navigation, you can find your organization's Production images in the **Organization images** tab. + + ## Comparing Images The following graph shows a comparison between the official Nginx image and Chainguard's [Nginx image](/chainguard/chainguard-images/reference/nginx/overview/), based on the number of CVEs (common vulnerabilities and exposures) detected by [Grype](https://github.com/anchore/grype): @@ -46,6 +72,9 @@ The major advantage of distroless images is the reduced size and complexity, whi You can review more comparisons of Chainguard Images and external images by checking out our [Vulnerability Comparisons](/chainguard/chainguard-images/vuln-comparison/) dashboard. +To compare different versions of Chainguard Images, you can use the [Images Diff API](/chainguard/chainguard-images/comparing-images/using-the-image-diff-api/). `chainctl`, Chainguard's command line interface tool, comes with a useful `diff` feature that also allows you to [compare two Chainguard Images](/chainguard/chainguard-images/comparing-images/comparing-images/). + + ## Architecture By default, all Wolfi-based images are built for x86_64 (also known as AMD64) and AArch64 (also known as ARM64) architectures. Being able to provide multi-platform Chainguard Images enables the support of more than one runtime environment, like those available on all three major clouds, AWS, GCP, and Azure. The macOS M1 and M2 chips are also based on ARM architecture. Chainguard Images allow you to take advantage of ARM's power consumption and cost benefits. @@ -71,4 +100,4 @@ Once you run this command, you'll receive output similar to the following. This verifies that the Ruby Chainguard Image is built for both AMD64 and ARM64 architectures. -You can read more about our support of ARM64 in our blog on [Building Wolfi from the ground up](https://www.chainguard.dev/unchained/building-wolfi-from-the-ground-up-and-announcing-arm64-support). +You can read more about our support of ARM64 in our blog on [Building Wolfi from the ground up](https://www.chainguard.dev/unchained/building-wolfi-from-the-ground-up-and-announcing-arm64-support). \ No newline at end of file diff --git a/content/chainguard/chainguard-images/recommended-practices/cve-risk.md b/content/chainguard/chainguard-images/recommended-practices/cve-risk.md index af12a2caf4..e1a0b24579 100644 --- a/content/chainguard/chainguard-images/recommended-practices/cve-risk.md +++ b/content/chainguard/chainguard-images/recommended-practices/cve-risk.md @@ -6,7 +6,7 @@ aliases: type: "article" description: "A conceptual article outlining best practices for reducing one's CVE risk." date: 2023-11-16T11:07:52+02:00 -lastmod: 2023-11-16T11:07:52+02:00 +lastmod: 2024-03-29T11:07:52+02:00 draft: false tags: ["Conceptual", "Chainguard Images", "CVE"] images: [] @@ -80,6 +80,8 @@ If you're looking for a certain image that isn't included in Chainguard's librar Wolfi includes a fully declarative and reproducible build system and provides a high-quality, build-time SBOM as standard for all packages. Its packages are designed to be granular and independent — in order to support minimal images — and uses the proven and reliable `apk` package format. +Please note that starting in March of 2024, Chainguard will maintain one version of each Wolfi package at a time. These will track the latest version of the upstream software in the package. Chainguard will end patch support for previous versions of packages in Wolfi. Existing packages will not be removed from Wolfi and you may continue to use them, but be aware that older packages will no longer be updated and will accrue vulnerabilities over time. This change ensures that Chainguard can provide the most up-to-date patches to all packages for our Images customers. Note that specific package versions can be made available in Production Images. + ## Learn more diff --git a/content/chainguard/chainguard-images/versions.md b/content/chainguard/chainguard-images/versions.md index 04d0d9cd80..6016c3b61b 100644 --- a/content/chainguard/chainguard-images/versions.md +++ b/content/chainguard/chainguard-images/versions.md @@ -4,7 +4,7 @@ linktitle: "Product Release Lifecycle" type: "article" description: "Understanding Chainguard's Approach to Image Versions" date: 2024-01-08T08:49:31+00:00 -lastmod: 2024-03-06T08:49:31+00:00 +lastmod: 2024-03-29T08:49:31+00:00 draft: false tags: ["Chainguard Images", "Product"] images: [] @@ -79,7 +79,7 @@ Chainguard Images only contain packages that are either built and maintained int Starting in March of 2024, Chainguard will maintain one version of each Wolfi package at a time. These will track the latest version of the upstream software in the package. Chainguard will end patch support for previous versions of packages in Wolfi. Existing packages will not be removed from Wolfi and you may continue to use them, but be aware that older packages will no longer be updated and will accrue vulnerabilities over time. The tools we use to build packages and images remain freely available and open source in Wolfi. -This change ensures that Chainguard can provide the most up-to-date patches to all packages for our Images customers. Note that specific package versions can be made available in Production Images. If you have a request for a specific package version, please [contact support](https://support.chainguard.dev/hc/en-us). +This change ensures that Chainguard can provide the most up-to-date patches to all packages for our Images customers. Note that specific package versions can be made available in Production Images. If you have a request for a specific package version, please [contact support](https://support.chainguard.dev?utm=docs). ## SLAs From 075143725d0a1e6403b6182fbe3b0245be58b75c Mon Sep 17 00:00:00 2001 From: Mark Drake Date: Mon, 1 Apr 2024 16:19:46 -0700 Subject: [PATCH 2/2] lisa's suggestions Signed-off-by: Mark Drake --- content/chainguard/chainguard-images/faq.md | 4 ++-- .../how-to-use-chainguard-images.md | 4 ++-- content/chainguard/chainguard-images/overview.md | 14 +++++++------- .../recommended-practices/cve-risk.md | 2 +- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/content/chainguard/chainguard-images/faq.md b/content/chainguard/chainguard-images/faq.md index 3a360d97f6..2f6bc7f161 100644 --- a/content/chainguard/chainguard-images/faq.md +++ b/content/chainguard/chainguard-images/faq.md @@ -70,9 +70,9 @@ Chainguard Images are rebuilt every night to ensure that new package versions an Chainguard Images only contain packages that come from the [Wolfi Project](https://github.com/wolfi-dev) or those that are built and maintained internally by Chainguard. -Starting in March of 2024, Chainguard will maintain one version of each Wolfi package at a time. These will track the latest version of the upstream software in the package. Chainguard will end patch support for previous versions of packages in Wolfi. Existing packages will not be removed from Wolfi and you may continue to use them, but be aware that older packages will no longer be updated and will accrue vulnerabilities over time. The tools we use to build packages and images remain freely available and open source in Wolfi. +Starting in March of 2024, Chainguard will maintain one version of each Wolfi package at a time. These will track the latest version of the upstream software in the package. Chainguard will end patch support for previous versions of packages in Wolfi. Existing packages will not be removed from Wolfi and you may continue to use them, but be aware that older packages will no longer be updated and will accrue vulnerabilities over time. The tools we use to build packages and images remain freely available and open source in [Wolfi](https://github.com/wolfi-dev). -This change ensures that Chainguard can provide the most up-to-date patches to all packages for our Images customers. Note that specific package versions can be made available in Production Images. If you have a request for a specific package version, please [contact support](https://support.chainguard.dev?utm=docs). +This change ensures that Chainguard can provide the most up-to-date patches to all packages for our Images customers. Note that specific package versions can be made available in Production Images. If you have a request for a specific package version, please [contact us](https://www.chainguard.dev/contact?utm=docs). ## What does Chainguard do when a CVE is published, but a patch is not available from the owner of the OSS code? Chainguard investigates the CVE and marks relevant images as affected or not. If Chainguard can identify a patch that's unreleased, Chainguard may apply a patch before it lands upstream. In either case, when the patch lands upstream, Chainguard picks it up and rolls it out. diff --git a/content/chainguard/chainguard-images/how-to-use-chainguard-images.md b/content/chainguard/chainguard-images/how-to-use-chainguard-images.md index 96cded8b94..5a3b09b5d8 100644 --- a/content/chainguard/chainguard-images/how-to-use-chainguard-images.md +++ b/content/chainguard/chainguard-images/how-to-use-chainguard-images.md @@ -199,6 +199,6 @@ Check also the [Wolfi Images with Dockerfiles](/open-source/wolfi/wolfi-with-doc Chainguard Images only contain packages that come from the [Wolfi Project](https://github.com/wolfi-dev) or those that are built and maintained internally by Chainguard. -Starting in March of 2024, Chainguard will maintain one version of each Wolfi package at a time. These will track the latest version of the upstream software in the package. Chainguard will end patch support for previous versions of packages in Wolfi. Existing packages will not be removed from Wolfi and you may continue to use them, but be aware that older packages will no longer be updated and will accrue vulnerabilities over time. The tools we use to build packages and images remain freely available and open source in Wolfi. +Starting in March of 2024, Chainguard will maintain one version of each Wolfi package at a time. These will track the latest version of the upstream software in the package. Chainguard will end patch support for previous versions of packages in Wolfi. Existing packages will not be removed from Wolfi and you may continue to use them, but be aware that older packages will no longer be updated and will accrue vulnerabilities over time. The tools we use to build packages and images remain freely available and open source in [Wolfi](https://github.com/wolfi-dev). -This change ensures that Chainguard can provide the most up-to-date patches to all packages for our Images customers. Note that specific package versions can be made available in Production Images. If you have a request for a specific package version, please [contact support](https://support.chainguard.dev?utm=docs). +This change ensures that Chainguard can provide the most up-to-date patches to all packages for our Images customers. Note that specific package versions can be made available in Production Images. If you have a request for a specific package version, please [contact us](https://www.chainguard.dev/contact?utm=docs). diff --git a/content/chainguard/chainguard-images/overview.md b/content/chainguard/chainguard-images/overview.md index 8347523511..ccebcecff8 100644 --- a/content/chainguard/chainguard-images/overview.md +++ b/content/chainguard/chainguard-images/overview.md @@ -33,22 +33,22 @@ Chainguard Images are available from the [Chainguard Registry](/chainguard/chain ## Why Minimal container images -The fewer dependencies a given piece of software uses, the lower likelihood that it will be impacted by CVEs. By minimizing the number of dependencies and thus reducing their potential attack surface, Chainguard Images inherently contain few to zero CVEs. Chainguard Images are rebuilt nightly to ensure they are completely up-to-date and contain all available security patches. With this nightly build approach, our engineering team sometimes fixes vulnerabilities before they’re detected. +The fewer dependencies a given piece of software uses, the lower likelihood that it will be impacted by CVEs. By minimizing the number of dependencies and thus reducing their potential attack surface, Chainguard Images inherently contain few to zero CVEs. Chainguard Images are rebuilt nightly to ensure they are completely up-to-date and contain all available security patches. With this nightly build approach, our engineering team sometimes [fixes vulnerabilities before they’re detected](https://www.chainguard.dev/unchained/how-chainguard-fixes-vulnerabilities?utm_source=docs). -Note that there is often a `-dev` variant of each Chainguard Image available. For example, the `-dev` variant of the `mariadb:latest` Image is `mariadb:latest-dev`. These images typically contain a shell and tools like a package manager to allow users to more easily debug and modify the image. +Note that there is often a `-dev` variant of each Chainguard Image available. For example, the `-dev` variant of the `mariadb:latest` Image is `mariadb:latest-dev`. These images typically contain a shell and tools like a package manager to allow users to more easily debug and modify the image. We recommend for production environments that you use Chainguard's `-dev` Images in a multi-stage Docker build; this will allow you to use a `-dev` variant image as a builder container, and then promote that build to an image that removes anything unnecessary. ## Why Distroless [Distroless images](/chainguard/chainguard-images/getting-started-distroless/) are the result of pushing minimalism in containers to the next level. When compared to traditional base images such as [Alpine](https://hub.docker.com/_/alpine) or [Debian](https://hub.docker.com/_/debian), they are more stripped back, lacking even a shell or package managers. However, compared to the empty “scratch” image, they do contain structure essential for the majority of Linux applications such as root certificates for TLS and core files like `/etc/passwd`. -[Wolfi](https://github.com/wolfi-dev) is a community Linux distribution designed by Chainguard for the container and cloud-native era. Chainguard started the Wolfi project to enable building Chainguard Images, which required a Linux distribution with components at the appropriate granularity and with support for [glibc](https://www.gnu.org/software/libc/). +[Wolfi](https://github.com/wolfi-dev) is a community Linux distribution developed by Chainguard for the container and cloud-native era. Chainguard started the Wolfi project to enable building Chainguard Images, which required a Linux distribution with components at the appropriate granularity and with support for [glibc](https://www.gnu.org/software/libc/). ### A Note about Wolfi packages -Chainguard Images only contain packages that come from the Wolfi Project or those that are built and maintained internally by Chainguard. Starting in March of 2024, Chainguard will maintain one version of each Wolfi package at a time. These will track the latest version of the upstream software in the package. Chainguard will end patch support for previous versions of packages in Wolfi. Existing packages will not be removed from Wolfi and you may continue to use them, but be aware that older packages will no longer be updated and will accrue vulnerabilities over time. The tools we use to build packages and images remain freely available and open source in Wolfi. +Chainguard Images only contain packages that come from the Wolfi Project or those that are built and maintained internally by Chainguard. As of March of 2024, Chainguard will maintain one version of each Wolfi package at a time. These will track the latest version of the upstream software in the package. Chainguard offers patch support only for the latest version of the upstream software in the package. Existing packages will not be removed from Wolfi and you may continue to use them, but be aware that older packages will no longer be updated and will accrue vulnerabilities over time. The tools we use to build packages and images remain freely available and open source in [Wolfi](https://github.com/wolfi-dev). -This change ensures that Chainguard can provide the most up-to-date patches to all packages for our Images customers. Note that specific package versions can be made available in Production Images. If you have a request for a specific package version, please [contact support](https://support.chainguard.dev?utm=docs). +This change ensures that Chainguard can provide the most up-to-date patches to all packages for our Images users. Note that specific package versions can be made available in Production Images. If you have a request for a specific package version, please [contact support](https://www.chainguard.dev/contact?utm=docs). ## Production and Developer Images @@ -59,7 +59,7 @@ Production Images are enterprise-ready images that come with patch SLAs and feat You can access Images directly from the [Chainguard Registry](/chainguard/chainguard-registry/overview/). The Chainguard Registry provides public access to all public Chainguard Images, and provides customer access for Production Images after logging in and authenticating. -You can find complete lists of all the Developer and Production Images available to you in [the Chainguard Console](https://console.enforce.dev/). After logging in you will be able to find all the current Developer Images in the **Public images** tab. If you've selected an appropriate Organization in the drop-down menu above the left hand navigation, you can find your organization's Production images in the **Organization images** tab. +You can find complete lists of all the Developer and Production Images available to you in [the Chainguard Console](https://console.enforce.dev/?utm=docs). After logging in you will be able to find all the current Developer Images in the **Public images** tab. If you've selected an appropriate Organization in the drop-down menu above the left hand navigation, you can find your organization's Production Images in the **Organization images** tab. ## Comparing Images @@ -100,4 +100,4 @@ Once you run this command, you'll receive output similar to the following. This verifies that the Ruby Chainguard Image is built for both AMD64 and ARM64 architectures. -You can read more about our support of ARM64 in our blog on [Building Wolfi from the ground up](https://www.chainguard.dev/unchained/building-wolfi-from-the-ground-up-and-announcing-arm64-support). \ No newline at end of file +You can read more about our support of ARM64 in our blog on [Building Wolfi from the ground up](https://www.chainguard.dev/unchained/building-wolfi-from-the-ground-up-and-announcing-arm64-support?utm=docs). \ No newline at end of file diff --git a/content/chainguard/chainguard-images/recommended-practices/cve-risk.md b/content/chainguard/chainguard-images/recommended-practices/cve-risk.md index e1a0b24579..7e0568a38a 100644 --- a/content/chainguard/chainguard-images/recommended-practices/cve-risk.md +++ b/content/chainguard/chainguard-images/recommended-practices/cve-risk.md @@ -80,7 +80,7 @@ If you're looking for a certain image that isn't included in Chainguard's librar Wolfi includes a fully declarative and reproducible build system and provides a high-quality, build-time SBOM as standard for all packages. Its packages are designed to be granular and independent — in order to support minimal images — and uses the proven and reliable `apk` package format. -Please note that starting in March of 2024, Chainguard will maintain one version of each Wolfi package at a time. These will track the latest version of the upstream software in the package. Chainguard will end patch support for previous versions of packages in Wolfi. Existing packages will not be removed from Wolfi and you may continue to use them, but be aware that older packages will no longer be updated and will accrue vulnerabilities over time. This change ensures that Chainguard can provide the most up-to-date patches to all packages for our Images customers. Note that specific package versions can be made available in Production Images. +Please note that as of March of 2024, Chainguard will maintain one version of each Wolfi package at a time. These track the latest version of the upstream software in the package. Chainguard does not provide patch support for previous versions of packages in Wolfi. Existing packages will not be removed from Wolfi and you may continue to use them, but be aware that older packages will no longer be updated and will accrue vulnerabilities over time. This change ensures that Chainguard can provide the most up-to-date patches to all packages for our Images users. Note that specific package versions can be made available in Production Images, if you have a request for a specific package version, please [contact support](https://support.chainguard.dev?utm=docs). ## Learn more