Chainguard Academy
Product Docs
Images
Overview
About
Shared Responsibility Model
Going Distroless
How Images are Tested
Dev vs. Production Images
Product Release Lifecycle
Images for Compiled Programs
Images for Compiled Programs
glibc vs. musl
Video: Why Our Images Have Low-to-No CVEs
Video: Beyond Zero at PyTorch 2024
Features
FIPS Images
STIGs
Unique Tags
Tag History API
CVE Visualizations
Custom Certificates
EOL Notifications
How to Use
Using Chainguard Images
Retrieve an Image's SBOM
Verifying Images
Images Directory
Compare Images with chainctl
Video: Using the Static Base Image
Video: Image Digests
Video: Reproducible Dockerfiles with Frizbee and Digestabot
Video: Software Versions
Video: Minimal Runtime Images
Getting Started Guides
C/C++
Cilium
Go
Istio
Laravel
MariaDB
NeMo
nginx
Node
PHP
PostgreSQL
Python
PyTorch
Ruby
WordPress
Staying Secure
Minimize CVE Risk
Video: Reproducibility and Chainguard Images
Updating Images
Image Update Considerations
EOL Vulnerabilities
Update Strategies and Tools
Using Renovate
Video: Up-to-date Images with Digestabot
Security Advisories
Using Advisories
Advisory Life Cycle
Managing Advisories
Working with Scanners
False Positives and Negatives
Grype
Trivy
Troubleshooting
Debugging
Video: Debugging Distroless Containers
Video: Debugging with Kubectl and CDebug
Vulnerability Comparisons
bash
busybox
curl
deno
dex
dotnet-runtime
dotnet-sdk
etcd
git
go
gradle
haproxy
jenkins
kube-state-metrics
mariadb
maven
memcached
minio
minio-client
nats
nginx
node
opensearch
php
postgres
python
r-base
rabbitmq
redis
ruby
rust
telegraf
traefik
wait-for-it
wolfi-base
zookeeper
FAQs
Registry
Registry Overview
Authenticating to Chainguard Registry
Pull Through Guides
Google Artifact Registry
Artifactory
Registry Pull-Through
Mirroring Packages
Nexus
Cloudsmith
Migration
Migration Overview
Porting a Sample Application
Migrating to Chainguard Images
Alpine Compatibility
Debian Compatibility
Ubuntu Compatibility
Red Hat Compatibility
PHP Migration
Node Migration
Video: Migrate Node.js Applications to Chainguard
Python Migration
Video: Migrating Go Applications to Chainguard
Video: Migrate Java Applications to Chainguard
Administration
Network Requirements
Install chainctl
chainctl Config
Terraform Provider
IAM & Organizations
IAM Overview
Manage IAM Organizations
Roles and Role-Bindings
Assumable Identities
Identity Examples
GitHub Actions Assumable Identity
GitLab CI/CD Assumable Identity
AWS Assumable Identity
Buildkite Assumable Identity
Bitbucket Assumable Identity
Jenkins Assumable Identity
Keycloak Assumable Identity
Verified Organizations
GitHub Team Role-binding
IDP Providers
Custom IDPs
Okta
Ping Identity
Microsoft Entra ID
CloudEvents
Mirror Images to Artifact Registry
Chainguard Events
OpenAPI Specification
chainctl
chainctl
chainctl auth
chainctl auth configure-docker
chainctl auth login
chainctl auth logout
chainctl auth status
chainctl auth token
chainctl config
chainctl config edit
chainctl config reset
chainctl config save
chainctl config set
chainctl config unset
chainctl config validate
chainctl config view
chainctl events
chainctl events subscriptions
chainctl events subscriptions create
chainctl events subscriptions delete
chainctl events subscriptions list
chainctl iam
chainctl iam account-associations
chainctl iam account-associations check
chainctl iam account-associations check aws
chainctl iam account-associations check gcp
chainctl iam account-associations describe
chainctl iam account-associations set
chainctl iam account-associations set aws
chainctl iam account-associations set gcp
chainctl iam account-associations unset
chainctl iam account-associations unset aws
chainctl iam account-associations unset gcp
chainctl iam folders
chainctl iam folders delete
chainctl iam folders describe
chainctl iam folders list
chainctl iam folders update
chainctl iam identities
chainctl iam identities create
chainctl iam identities create github
chainctl iam identities create gitlab
chainctl iam identities delete
chainctl iam identities describe
chainctl iam identities list
chainctl iam identities update
chainctl iam identity-providers
chainctl iam identity-providers create
chainctl iam identity-providers delete
chainctl iam identity-providers list
chainctl iam identity-providers update
chainctl iam invites
chainctl iam invites create
chainctl iam invites delete
chainctl iam invites list
chainctl iam organizations
chainctl iam organizations delete
chainctl iam organizations describe
chainctl iam organizations list
chainctl iam role-bindings
chainctl iam role-bindings create
chainctl iam role-bindings delete
chainctl iam role-bindings list
chainctl iam role-bindings update
chainctl iam roles
chainctl iam roles capabilities
chainctl iam roles capabilities list
chainctl iam roles create
chainctl iam roles delete
chainctl iam roles list
chainctl iam roles update
chainctl images
chainctl images diff
chainctl images list
chainctl images repos
chainctl images repos list
chainctl update
chainctl version
Open Source
Build Tools
apko
apko Overview
apko FAQs
Getting Started with apko
Troubleshooting apko Builds
Bazel Rules
melange
melange Overview
Getting Started with melange
Troubleshooting Builds
melange FAQs
SLSA
What is SLSA?
SBOMs
What is an SBOM?
OpenVEX and vexctl
What Makes a Good SBOM?
What is OpenVex?
SBOMs and Attestations
Wolfi
Wolfi Overview
Building a Wolfi Package
Wolfi FAQs
Why apk
Hello Wolfi Workshop
Wolfi Images with Dockerfiles
Package Version Selection
Open Container Initiative
What is the OCI?
What are OCI Artifacts?
Sigstore
Keyless Signing
Cosign
An Introduction to Cosign
How to Install Cosign
How to Sign a Container with Cosign
How to Sign Blobs and Standard Files with Cosign
How to Sign an SBOM with Cosign
How to Verify File Signatures with Cosign
Cosign: The Manual Way
Policy Controller
How to Install Sigstore Policy Controller
Policies
Enforce SBOM attestation with Policy Controller
Disallowing Non-Default Capabilities
Disallowing Privileged Pods
Disallowing Run as Root User
Maximum Container Image Age
Disallowing Unsafe sysctls
Verify Signed Chainguard Images
Critical CVEs
Rego Policies
Example Policies
Fulcio
An Introduction to Fulcio
How to Generate a Fulcio Certificate
How to Inspect and Verify Fulcio Certificates
Rekor
An Introduction to Rekor
How to Install the Rekor CLI
How to Query Rekor
How to Sign and Upload Metadata to Rekor
How to Verify File Signatures with Rekor or curl
How to Set Up An Instance of Rekor Instance Locally
Education
Containers
Selecting a Base Image
Software Supply Chain Security
Chainguard Glossary
Trademark Use Policy
Compliance
PCI DSS 4.0
Introduction to the PCI Data Security Standard (DSS) 4.0
Overview of PCI DSS 4.0 Practices/Requirements
Simplify Your Path to PCI DSS 4.0 Compliance with Chainguard
CMMC 2.0
Introduction to the Cybersecurity Maturity Model Certification (CMMC) 2.0
CMMC 2.0 Maturity Levels
Overview of CMMC 2.0 Practices/Control Groups
Simplify Your Path to CMMC 2.0 Compliance with Chainguard
CIS Benchmarks
Comics
#1 - Fighting Vulnerabilities
CVEs
What Are Software Vulnerabilities and CVEs?
Why Care About Software Vulnerabilities?
Infamous Software Vulnerabilities
Software Vulnerability Remediation
Secure Software Recommendations
Self-Attestation Form
Table of NIST SSDF
Minimum Attestation References
Go to Chainguard.dev
Send feedback
Contact
Chainguard Academy
Product Docs
Images
Overview
About
Shared Responsibility Model
Going Distroless
How Images are Tested
Dev vs. Production Images
Product Release Lifecycle
Images for Compiled Programs
Images for Compiled Programs
glibc vs. musl
Video: Why Our Images Have Low-to-No CVEs
Video: Beyond Zero at PyTorch 2024
Features
FIPS Images
STIGs
Unique Tags
Tag History API
CVE Visualizations
Custom Certificates
EOL Notifications
How to Use
Using Chainguard Images
Retrieve an Image's SBOM
Verifying Images
Images Directory
Compare Images with chainctl
Video: Using the Static Base Image
Video: Image Digests
Video: Reproducible Dockerfiles with Frizbee and Digestabot
Video: Software Versions
Video: Minimal Runtime Images
Getting Started Guides
C/C++
Cilium
Go
Istio
Laravel
MariaDB
NeMo
nginx
Node
PHP
PostgreSQL
Python
PyTorch
Ruby
WordPress
Staying Secure
Minimize CVE Risk
Video: Reproducibility and Chainguard Images
Updating Images
Image Update Considerations
EOL Vulnerabilities
Update Strategies and Tools
Using Renovate
Video: Up-to-date Images with Digestabot
Security Advisories
Using Advisories
Advisory Life Cycle
Managing Advisories
Working with Scanners
False Positives and Negatives
Grype
Trivy
Troubleshooting
Debugging
Video: Debugging Distroless Containers
Video: Debugging with Kubectl and CDebug
Vulnerability Comparisons
bash
busybox
curl
deno
dex
dotnet-runtime
dotnet-sdk
etcd
git
go
gradle
haproxy
jenkins
kube-state-metrics
mariadb
maven
memcached
minio
minio-client
nats
nginx
node
opensearch
php
postgres
python
r-base
rabbitmq
redis
ruby
rust
telegraf
traefik
wait-for-it
wolfi-base
zookeeper
FAQs
Registry
Registry Overview
Authenticating to Chainguard Registry
Pull Through Guides
Google Artifact Registry
Artifactory
Registry Pull-Through
Mirroring Packages
Nexus
Cloudsmith
Migration
Migration Overview
Porting a Sample Application
Migrating to Chainguard Images
Alpine Compatibility
Debian Compatibility
Ubuntu Compatibility
Red Hat Compatibility
PHP Migration
Node Migration
Video: Migrate Node.js Applications to Chainguard
Python Migration
Video: Migrating Go Applications to Chainguard
Video: Migrate Java Applications to Chainguard
Administration
Network Requirements
Install chainctl
chainctl Config
Terraform Provider
IAM & Organizations
IAM Overview
Manage IAM Organizations
Roles and Role-Bindings
Assumable Identities
Identity Examples
GitHub Actions Assumable Identity
GitLab CI/CD Assumable Identity
AWS Assumable Identity
Buildkite Assumable Identity
Bitbucket Assumable Identity
Jenkins Assumable Identity
Keycloak Assumable Identity
Verified Organizations
GitHub Team Role-binding
IDP Providers
Custom IDPs
Okta
Ping Identity
Microsoft Entra ID
CloudEvents
Mirror Images to Artifact Registry
Chainguard Events
OpenAPI Specification
chainctl
chainctl
chainctl auth
chainctl auth configure-docker
chainctl auth login
chainctl auth logout
chainctl auth status
chainctl auth token
chainctl config
chainctl config edit
chainctl config reset
chainctl config save
chainctl config set
chainctl config unset
chainctl config validate
chainctl config view
chainctl events
chainctl events subscriptions
chainctl events subscriptions create
chainctl events subscriptions delete
chainctl events subscriptions list
chainctl iam
chainctl iam account-associations
chainctl iam account-associations check
chainctl iam account-associations check aws
chainctl iam account-associations check gcp
chainctl iam account-associations describe
chainctl iam account-associations set
chainctl iam account-associations set aws
chainctl iam account-associations set gcp
chainctl iam account-associations unset
chainctl iam account-associations unset aws
chainctl iam account-associations unset gcp
chainctl iam folders
chainctl iam folders delete
chainctl iam folders describe
chainctl iam folders list
chainctl iam folders update
chainctl iam identities
chainctl iam identities create
chainctl iam identities create github
chainctl iam identities create gitlab
chainctl iam identities delete
chainctl iam identities describe
chainctl iam identities list
chainctl iam identities update
chainctl iam identity-providers
chainctl iam identity-providers create
chainctl iam identity-providers delete
chainctl iam identity-providers list
chainctl iam identity-providers update
chainctl iam invites
chainctl iam invites create
chainctl iam invites delete
chainctl iam invites list
chainctl iam organizations
chainctl iam organizations delete
chainctl iam organizations describe
chainctl iam organizations list
chainctl iam role-bindings
chainctl iam role-bindings create
chainctl iam role-bindings delete
chainctl iam role-bindings list
chainctl iam role-bindings update
chainctl iam roles
chainctl iam roles capabilities
chainctl iam roles capabilities list
chainctl iam roles create
chainctl iam roles delete
chainctl iam roles list
chainctl iam roles update
chainctl images
chainctl images diff
chainctl images list
chainctl images repos
chainctl images repos list
chainctl update
chainctl version
Open Source
Build Tools
apko
apko Overview
apko FAQs
Getting Started with apko
Troubleshooting apko Builds
Bazel Rules
melange
melange Overview
Getting Started with melange
Troubleshooting Builds
melange FAQs
SLSA
What is SLSA?
SBOMs
What is an SBOM?
OpenVEX and vexctl
What Makes a Good SBOM?
What is OpenVex?
SBOMs and Attestations
Wolfi
Wolfi Overview
Building a Wolfi Package
Wolfi FAQs
Why apk
Hello Wolfi Workshop
Wolfi Images with Dockerfiles
Package Version Selection
Open Container Initiative
What is the OCI?
What are OCI Artifacts?
Sigstore
Keyless Signing
Cosign
An Introduction to Cosign
How to Install Cosign
How to Sign a Container with Cosign
How to Sign Blobs and Standard Files with Cosign
How to Sign an SBOM with Cosign
How to Verify File Signatures with Cosign
Cosign: The Manual Way
Policy Controller
How to Install Sigstore Policy Controller
Policies
Enforce SBOM attestation with Policy Controller
Disallowing Non-Default Capabilities
Disallowing Privileged Pods
Disallowing Run as Root User
Maximum Container Image Age
Disallowing Unsafe sysctls
Verify Signed Chainguard Images
Critical CVEs
Rego Policies
Example Policies
Fulcio
An Introduction to Fulcio
How to Generate a Fulcio Certificate
How to Inspect and Verify Fulcio Certificates
Rekor
An Introduction to Rekor
How to Install the Rekor CLI
How to Query Rekor
How to Sign and Upload Metadata to Rekor
How to Verify File Signatures with Rekor or curl
How to Set Up An Instance of Rekor Instance Locally
Education
Containers
Selecting a Base Image
Software Supply Chain Security
Chainguard Glossary
Trademark Use Policy
Compliance
PCI DSS 4.0
Introduction to the PCI Data Security Standard (DSS) 4.0
Overview of PCI DSS 4.0 Practices/Requirements
Simplify Your Path to PCI DSS 4.0 Compliance with Chainguard
CMMC 2.0
Introduction to the Cybersecurity Maturity Model Certification (CMMC) 2.0
CMMC 2.0 Maturity Levels
Overview of CMMC 2.0 Practices/Control Groups
Simplify Your Path to CMMC 2.0 Compliance with Chainguard
CIS Benchmarks
Comics
#1 - Fighting Vulnerabilities
CVEs
What Are Software Vulnerabilities and CVEs?
Why Care About Software Vulnerabilities?
Infamous Software Vulnerabilities
Software Vulnerability Remediation
Secure Software Recommendations
Self-Attestation Form
Table of NIST SSDF
Minimum Attestation References
Go to Chainguard.dev
Send feedback
Contact
Workshop
Hello Wolfi Workshop
Community workshop about Wolfi for beginners
