Chainguard Academy
Product Docs
Images
Overview
FAQs
Verifying Images
How to Use
Going Distroless
Getting Started Guides
C/C++
Cilium
Go
Istio
Laravel
MariaDB
NeMo
nginx
Node
PHP
PostgreSQL
Python
PyTorch
Ruby
WordPress
Vulnerability Comparisons
bash
busybox
cassandra
curl
deno
dex
dotnet-runtime
dotnet-sdk
etcd
git
go
gradle
haproxy
influxdb
jenkins
kube-state-metrics
mariadb
maven
memcached
minio
minio-client
nats
nginx
node
opensearch
php
postgres
python
r-base
rabbitmq
redis
ruby
rust
telegraf
traefik
wait-for-it
wolfi-base
zookeeper
Working with Images
Retrieve an Image's SBOM
Security Advisories
Using Advisories
Advisory Life Cycle
Managing Advisories
Images Directory
Using Renovate
Compare Images with chainctl
Custom Certificates
Tag History API
FIPS Images
STIGs
Unique Tags
EOL Notifications
Working with Scanners
Grype
Trivy
Images for Compiled Programs
Images for Compiled Programs
glibc vs. musl
Recommended Practices
Shared Responsibility Model
Image Update Considerations
Minimize CVE Risk
False Positives and Negatives
Videos
Minimal Runtime Images
Using the Static Base Image
Software Versions
Chainguard Security Advisories & Diff API
Image Digests
Up-to-date Images with Digestabot
Migrating Go Applications to Chainguard
Reproducible Dockerfiles with Frizbee and Digestabot
Why our images have Low-to-No CVEs
Reproducibility and Chainguard Images
Debugging Distroless Containers
Debugging with Kubectl and CDebug
Migrate Node.js Applications to Chainguard
Migrate Java Applications to Chainguard
Beyond Zero at PyTorch 2024
How Images are Tested
Product Release Lifecycle
Dev vs. Production Images
Debugging
Registry
Registry Overview
Authenticating to Chainguard Registry
Pull Through Guides
Google Artifact Registry
Artifactory
Registry Pull-Through
Mirroring Packages
Nexus
Cloudsmith
Migration
Migration Overview
Porting a Sample Application
Migrating to Chainguard Images
Alpine Compatibility
Debian Compatibility
Ubuntu Compatibility
Red Hat Compatibility
PHP Migration
Node Migration
Python Migration
Administration
Network Requirements
Install chainctl
chainctl Config
Terraform Provider
IAM & Organizations
IAM Overview
Manage IAM Organizations
Roles and Role-Bindings
Assumable Identities
Identity Examples
GitHub Actions Assumable Identity
GitLab CI/CD Assumable Identity
AWS Assumable Identity
Buildkite Assumable Identity
Bitbucket Assumable Identity
Jenkins Assumable Identity
Keycloak Assumable Identity
Verified Organizations
GitHub Team Role-binding
IDP Providers
Custom IDPs
Okta
Ping Identity
Microsoft Entra ID
CloudEvents
Mirror Images to Artifact Registry
Chainguard Events
OpenAPI Specification
chainctl
chainctl
chainctl auth
chainctl auth configure-docker
chainctl auth login
chainctl auth logout
chainctl auth status
chainctl auth token
chainctl config
chainctl config edit
chainctl config reset
chainctl config save
chainctl config set
chainctl config unset
chainctl config validate
chainctl config view
chainctl events
chainctl events subscriptions
chainctl events subscriptions create
chainctl events subscriptions delete
chainctl events subscriptions list
chainctl iam
chainctl iam account-associations
chainctl iam account-associations check
chainctl iam account-associations check aws
chainctl iam account-associations check gcp
chainctl iam account-associations describe
chainctl iam account-associations set
chainctl iam account-associations set aws
chainctl iam account-associations set gcp
chainctl iam account-associations unset
chainctl iam account-associations unset aws
chainctl iam account-associations unset gcp
chainctl iam folders
chainctl iam folders delete
chainctl iam folders describe
chainctl iam folders list
chainctl iam folders update
chainctl iam identities
chainctl iam identities create
chainctl iam identities create github
chainctl iam identities create gitlab
chainctl iam identities delete
chainctl iam identities describe
chainctl iam identities list
chainctl iam identities update
chainctl iam identity-providers
chainctl iam identity-providers create
chainctl iam identity-providers delete
chainctl iam identity-providers list
chainctl iam identity-providers update
chainctl iam invites
chainctl iam invites create
chainctl iam invites delete
chainctl iam invites list
chainctl iam organizations
chainctl iam organizations delete
chainctl iam organizations describe
chainctl iam organizations list
chainctl iam role-bindings
chainctl iam role-bindings create
chainctl iam role-bindings delete
chainctl iam role-bindings list
chainctl iam role-bindings update
chainctl iam roles
chainctl iam roles capabilities
chainctl iam roles capabilities list
chainctl iam roles create
chainctl iam roles delete
chainctl iam roles list
chainctl iam roles update
chainctl images
chainctl images diff
chainctl images list
chainctl images repos
chainctl images repos list
chainctl update
chainctl version
Open Source
Build Tools
apko
apko Overview
apko FAQs
Getting Started with apko
Troubleshooting apko Builds
Bazel Rules
melange
melange Overview
Getting Started with melange
Troubleshooting Builds
melange FAQs
SLSA
What is SLSA?
SBOMs
What is an SBOM?
OpenVEX and vexctl
What Makes a Good SBOM?
What is OpenVex?
SBOMs and Attestations
Wolfi
Wolfi Overview
Building a Wolfi Package
Wolfi FAQs
Why apk
Hello Wolfi Workshop Kit
Wolfi Images with Dockerfiles
Package Version Selection
Open Container Initiative
What is the OCI?
What are OCI Artifacts?
Sigstore
Keyless Signing
Cosign
An Introduction to Cosign
How to Install Cosign
How to Sign a Container with Cosign
How to Sign Blobs and Standard Files with Cosign
How to Sign an SBOM with Cosign
How to Verify File Signatures with Cosign
Cosign: The Manual Way
Policy Controller
How to Install Sigstore Policy Controller
Policies
Enforce SBOM attestation with Policy Controller
Disallowing Non-Default Capabilities
Disallowing Privileged Pods
Disallowing Run as Root User
Maximum Container Image Age
Disallowing Unsafe sysctls
Verify Signed Chainguard Images
Critical CVEs
Rego Policies
Example Policies
Fulcio
An Introduction to Fulcio
How to Generate a Fulcio Certificate
How to Inspect and Verify Fulcio Certificates
Rekor
An Introduction to Rekor
How to Install the Rekor CLI
How to Query Rekor
How to Sign and Upload Metadata to Rekor
How to Verify File Signatures with Rekor or curl
How to Set Up An Instance of Rekor Instance Locally
Education
Containers
Selecting a Base Image
Software Supply Chain Security
Chainguard Glossary
Compliance
PCI DSS 4.0
Introduction to the PCI Data Security Standard (DSS) 4.0
Overview of PCI DSS 4.0 Practices/Requirements
Simplify Your Path to PCI DSS 4.0 Compliance with Chainguard
CMMC 2.0
Introduction to the Cybersecurity Maturity Model Certification (CMMC) 2.0
CMMC 2.0 Maturity Levels
Overview of CMMC 2.0 Practices/Control Groups
Simplify Your Path to CMMC 2.0 Compliance with Chainguard
CIS Benchmarks
Comics
#1 - Fighting Vulnerabilities
CVEs
What Are Software Vulnerabilities and CVEs?
Why Care About Software Vulnerabilities?
Infamous Software Vulnerabilities
Software Vulnerability Remediation
Secure Software Recommendations
Self-Attestation Form
Table of NIST SSDF
Minimum Attestation References
Go to Chainguard.dev
Send feedback
Contact
Chainguard Academy
Product Docs
Images
Overview
FAQs
Verifying Images
How to Use
Going Distroless
Getting Started Guides
C/C++
Cilium
Go
Istio
Laravel
MariaDB
NeMo
nginx
Node
PHP
PostgreSQL
Python
PyTorch
Ruby
WordPress
Vulnerability Comparisons
bash
busybox
cassandra
curl
deno
dex
dotnet-runtime
dotnet-sdk
etcd
git
go
gradle
haproxy
influxdb
jenkins
kube-state-metrics
mariadb
maven
memcached
minio
minio-client
nats
nginx
node
opensearch
php
postgres
python
r-base
rabbitmq
redis
ruby
rust
telegraf
traefik
wait-for-it
wolfi-base
zookeeper
Working with Images
Retrieve an Image's SBOM
Security Advisories
Using Advisories
Advisory Life Cycle
Managing Advisories
Images Directory
Using Renovate
Compare Images with chainctl
Custom Certificates
Tag History API
FIPS Images
STIGs
Unique Tags
EOL Notifications
Working with Scanners
Grype
Trivy
Images for Compiled Programs
Images for Compiled Programs
glibc vs. musl
Recommended Practices
Shared Responsibility Model
Image Update Considerations
Minimize CVE Risk
False Positives and Negatives
Videos
Minimal Runtime Images
Using the Static Base Image
Software Versions
Chainguard Security Advisories & Diff API
Image Digests
Up-to-date Images with Digestabot
Migrating Go Applications to Chainguard
Reproducible Dockerfiles with Frizbee and Digestabot
Why our images have Low-to-No CVEs
Reproducibility and Chainguard Images
Debugging Distroless Containers
Debugging with Kubectl and CDebug
Migrate Node.js Applications to Chainguard
Migrate Java Applications to Chainguard
Beyond Zero at PyTorch 2024
How Images are Tested
Product Release Lifecycle
Dev vs. Production Images
Debugging
Registry
Registry Overview
Authenticating to Chainguard Registry
Pull Through Guides
Google Artifact Registry
Artifactory
Registry Pull-Through
Mirroring Packages
Nexus
Cloudsmith
Migration
Migration Overview
Porting a Sample Application
Migrating to Chainguard Images
Alpine Compatibility
Debian Compatibility
Ubuntu Compatibility
Red Hat Compatibility
PHP Migration
Node Migration
Python Migration
Administration
Network Requirements
Install chainctl
chainctl Config
Terraform Provider
IAM & Organizations
IAM Overview
Manage IAM Organizations
Roles and Role-Bindings
Assumable Identities
Identity Examples
GitHub Actions Assumable Identity
GitLab CI/CD Assumable Identity
AWS Assumable Identity
Buildkite Assumable Identity
Bitbucket Assumable Identity
Jenkins Assumable Identity
Keycloak Assumable Identity
Verified Organizations
GitHub Team Role-binding
IDP Providers
Custom IDPs
Okta
Ping Identity
Microsoft Entra ID
CloudEvents
Mirror Images to Artifact Registry
Chainguard Events
OpenAPI Specification
chainctl
chainctl
chainctl auth
chainctl auth configure-docker
chainctl auth login
chainctl auth logout
chainctl auth status
chainctl auth token
chainctl config
chainctl config edit
chainctl config reset
chainctl config save
chainctl config set
chainctl config unset
chainctl config validate
chainctl config view
chainctl events
chainctl events subscriptions
chainctl events subscriptions create
chainctl events subscriptions delete
chainctl events subscriptions list
chainctl iam
chainctl iam account-associations
chainctl iam account-associations check
chainctl iam account-associations check aws
chainctl iam account-associations check gcp
chainctl iam account-associations describe
chainctl iam account-associations set
chainctl iam account-associations set aws
chainctl iam account-associations set gcp
chainctl iam account-associations unset
chainctl iam account-associations unset aws
chainctl iam account-associations unset gcp
chainctl iam folders
chainctl iam folders delete
chainctl iam folders describe
chainctl iam folders list
chainctl iam folders update
chainctl iam identities
chainctl iam identities create
chainctl iam identities create github
chainctl iam identities create gitlab
chainctl iam identities delete
chainctl iam identities describe
chainctl iam identities list
chainctl iam identities update
chainctl iam identity-providers
chainctl iam identity-providers create
chainctl iam identity-providers delete
chainctl iam identity-providers list
chainctl iam identity-providers update
chainctl iam invites
chainctl iam invites create
chainctl iam invites delete
chainctl iam invites list
chainctl iam organizations
chainctl iam organizations delete
chainctl iam organizations describe
chainctl iam organizations list
chainctl iam role-bindings
chainctl iam role-bindings create
chainctl iam role-bindings delete
chainctl iam role-bindings list
chainctl iam role-bindings update
chainctl iam roles
chainctl iam roles capabilities
chainctl iam roles capabilities list
chainctl iam roles create
chainctl iam roles delete
chainctl iam roles list
chainctl iam roles update
chainctl images
chainctl images diff
chainctl images list
chainctl images repos
chainctl images repos list
chainctl update
chainctl version
Open Source
Build Tools
apko
apko Overview
apko FAQs
Getting Started with apko
Troubleshooting apko Builds
Bazel Rules
melange
melange Overview
Getting Started with melange
Troubleshooting Builds
melange FAQs
SLSA
What is SLSA?
SBOMs
What is an SBOM?
OpenVEX and vexctl
What Makes a Good SBOM?
What is OpenVex?
SBOMs and Attestations
Wolfi
Wolfi Overview
Building a Wolfi Package
Wolfi FAQs
Why apk
Hello Wolfi Workshop Kit
Wolfi Images with Dockerfiles
Package Version Selection
Open Container Initiative
What is the OCI?
What are OCI Artifacts?
Sigstore
Keyless Signing
Cosign
An Introduction to Cosign
How to Install Cosign
How to Sign a Container with Cosign
How to Sign Blobs and Standard Files with Cosign
How to Sign an SBOM with Cosign
How to Verify File Signatures with Cosign
Cosign: The Manual Way
Policy Controller
How to Install Sigstore Policy Controller
Policies
Enforce SBOM attestation with Policy Controller
Disallowing Non-Default Capabilities
Disallowing Privileged Pods
Disallowing Run as Root User
Maximum Container Image Age
Disallowing Unsafe sysctls
Verify Signed Chainguard Images
Critical CVEs
Rego Policies
Example Policies
Fulcio
An Introduction to Fulcio
How to Generate a Fulcio Certificate
How to Inspect and Verify Fulcio Certificates
Rekor
An Introduction to Rekor
How to Install the Rekor CLI
How to Query Rekor
How to Sign and Upload Metadata to Rekor
How to Verify File Signatures with Rekor or curl
How to Set Up An Instance of Rekor Instance Locally
Education
Containers
Selecting a Base Image
Software Supply Chain Security
Chainguard Glossary
Compliance
PCI DSS 4.0
Introduction to the PCI Data Security Standard (DSS) 4.0
Overview of PCI DSS 4.0 Practices/Requirements
Simplify Your Path to PCI DSS 4.0 Compliance with Chainguard
CMMC 2.0
Introduction to the Cybersecurity Maturity Model Certification (CMMC) 2.0
CMMC 2.0 Maturity Levels
Overview of CMMC 2.0 Practices/Control Groups
Simplify Your Path to CMMC 2.0 Compliance with Chainguard
CIS Benchmarks
Comics
#1 - Fighting Vulnerabilities
CVEs
What Are Software Vulnerabilities and CVEs?
Why Care About Software Vulnerabilities?
Infamous Software Vulnerabilities
Software Vulnerability Remediation
Secure Software Recommendations
Self-Attestation Form
Table of NIST SSDF
Minimum Attestation References
Go to Chainguard.dev
Send feedback
Contact
Workshop Kit
Hello Wolfi Workshop Kit
Community workshop kit about Wolfi for beginners