Wolfi: A community Linux OS designed for the container and cloud-native era

• pipeline

  51 8,285 9.7 Go

  A cloud-native Pipeline resource.

  

[2]: https://github.com/tektoncd/pipeline/issues/5507#issuecommen...

• community

  1 13 2.5

  Documents and tools powering the Wolfi OS community (by wolfi-dev)

  

You're welcome to join the regular community meeting: https://github.com/wolfi-dev/community

We do fully intend for wolfi to be a community project, but it will take some time. We do say on the home page:

>What are the plans for long-term Wolfi governance?

• WorkOS

  workos.com sponsored

  The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  

• vulnerabilities

  2 12 4.3

  :rocket: A vulnerabilities database for fully-automated audits (by tholian-network)

  

Do you provide an OVAL feed?

Alpine is out of the picture for us because the guy that works on their security tracker just doesn't care, and responds half a year after filing an issue. The tracker itself is broken for over a year and the response was to basically rebuild our own package index and host our own security tracker.

So I would not say that Alpine has security as a high priority, even though in theory there are the secfixesdb.

Redhat Enterprise, Debian and Ubuntu are used because they provide an OVAL feed that are easily integrated with zero development overhead. So if compliance is your focus, I'd heavily recommend generating an OVAL feed when you're regenerating the secfixes json files.

Source: Am building a cross-linux-distro vulnerability database and I am scraping _all_ linux security trackers. [1]

[1] https://github.com/tholian-network/vulnerabilities

• os

  6 680 10.0 C

  Main package repository for production Wolfi images (by wolfi-dev)

  

> OK: 9494 distinct packages available

I opened that apkindex file and it had duplicate entries for a ton of packages with different versions, taking a look at https://github.com/wolfi-dev/os I only see about 840 yaml files which I assume define the packages. I don't think claiming to have 10k packages when only 10% of them are actually different pieces of software is a good claim to make. Nixpkgs would have millions of packages if we added up every single unique package from every revision.

• Flatcar

  20 627 7.5 Python

  Flatcar project repository for issue tracking, project documentation, etc.

  

Sounds like you're looking for the CoreOS Linux successor FlatCar https://www.flatcar.org/

It's actually based on some ChromeOS update tools under the hood but is a regular Linux distro, just super minimal and designed to run containers.

• images

  6 492 9.9 HCL

  Public Chainguard Images (by chainguard-images)

  

We needed Wolfi to be able to create minimal (distroless if you like) container images based on glibc with 0 vulnerabilities. Turns out a lot of other people are interested in Wolfi for various reasons, and we're more than happy to work with them.

You definitely don't need to use Wolfi! But I would say, if you run containers you might want to check out Chainguard Images: https://github.com/chainguard-images/images

• bottlerocket

  40 8,148 9.8 Rust

  An operating system designed for hosting containers

  

To add to the other excellent answers, I would recommend adding Bottlerocket to your reading list: https://github.com/bottlerocket-os/bottlerocket#readme

I'm also aware of (but haven't used) https://github.com/siderolabs/talos#readme

I just realized your question may have implied a desktop os, whereas Bottlerocket, Flatcar, and likely the others in this specific thread are server-side. I don't have much experience with trying to solve that problem on the desktop except for the horror-show that is snap

• InfluxDB

  www.influxdata.com sponsored

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• talos

  43 5,302 9.7 Go

  Talos Linux is a modern Linux distribution built for Kubernetes.

  

To add to the other excellent answers, I would recommend adding Bottlerocket to your reading list: https://github.com/bottlerocket-os/bottlerocket#readme

I'm also aware of (but haven't used) https://github.com/siderolabs/talos#readme

I just realized your question may have implied a desktop os, whereas Bottlerocket, Flatcar, and likely the others in this specific thread are server-side. I don't have much experience with trying to solve that problem on the desktop except for the horror-show that is snap

• attention-attention

  1 7 2.4 Python

  Attention! Attention!

I'm not sure what you mean by "non-trivial" but here's a simple discord bot I wrote in python, that I distribute as an OCI image and that is built with Nix for both x86_64 and aarch64 linux via GitHub actions: https://github.com/starcraft66/attention-attention

There is no SBOM because I didn't bother publishing one but the way Nix builds derivations, you basically get the SBOM for free. You could use a tool like sbomnix[1] to trivially generate an SPDX-format SBOM from the nix derivation that builds the container image.

1: https://github.com/tiiuae/sbomnix

• sbomnix

  1 97 8.9 Python

  A suite of utilities to help with software supply chain challenges on nix targets

  

I'm not sure what you mean by "non-trivial" but here's a simple discord bot I wrote in python, that I distribute as an OCI image and that is built with Nix for both x86_64 and aarch64 linux via GitHub actions: https://github.com/starcraft66/attention-attention

There is no SBOM because I didn't bother publishing one but the way Nix builds derivations, you basically get the SBOM for free. You could use a tool like sbomnix[1] to trivially generate an SPDX-format SBOM from the nix derivation that builds the container image.

1: https://github.com/tiiuae/sbomnix

Suggest a related project