Hello Wolfi Workshop

Introduction

Software supply chain threats have been growing exponentially in the last few years, according to industry leaders and security researchers (PDF). With the popularization of automated workflows and cloud native deployments, it is more important than ever to provide users with the ability to attest the provenance of all relevant software artifacts that compose the container images being used as build and production runtimes.

In this workshop, you’ll learn more about Wolfi, a community Linux undistro designed for the container and cloud-native era. You’ll also learn about melange and apko, Chainguard’s open source toolkit created to build more secure container images.

Note: This presentation was recorded on November 16, 2022. Although most of the content holds true to date, some commands and configurations have changed, which caused the demo to become obsolete. For a more up-to-date resource on how to build Wolfi packages, check the Building a Wolfi Package guide. If you are looking for Wolfi-based images for your containerized workloads, check our Images Directory.