On the left, you have an overview of CVEs detected by Trivy on the nginx:latest container image, from August to September. This includes low, medium, high, and critical CVEs (classified by color). On the right side, you can see the results from a Trivy run on our distroless Nginx image: zero CVEs.
It's worth noting that our knowledge base is open source and we are committed to iterating on it in order to provide the best documentation around the software supply chain. The wider community is invited to propose improvements and new topics. We are still working on contributing guidelines, but they should be available soon (and in time for Hacktoberfest, dare I say!). Yay! You can find us on GitHub.
Powered by Wolfi, Chainguard Images are a suite of distroless images that consolidate the base features of the Wolfi undistro into end-user container images that can be integrated into existing workflows. Chainguard Images are fully declarative and reproducible, and include SBOMs that cover all image dependencies. In addition, Chainguard Images are signed via Sigstore, which attests the provenance of all artifacts. All images and corresponding signatures, as well as their SBOMs, are hosted in Chainguard's OCI registry cgr.dev.