Some engineers in the containers community have advocated for small images. These "small image" proponents support using base images such as distroless and alpine and image optimization tools such as Docker Slim. But small images can still be complex, and the complexity is the true enemy, not simply size. By…
Software Bill of Materials documents, or SBOMs, have become a hot topic in software supply chain security these days, with everyone bringing their own solution to the table in response to President Biden’s executive order last year. While vendors advertise that these solutions are easy to use and accurate,…
One of the most common – and most dangerous – practices we see is running outdated container images in production. I frequently read Internet comments such as “I just decommissioned my last Alpine 3.5 container,” or “I just got around to updating my images from Debian 8 to Debian 11”. Alpine…
Earlier today, Chainguard released version 0.1 of our apko tool. This tool allows for the composition of so-called “distroless” images from APK-based software distributions, such as Alpine Linux, using a declarative configuration. Unlike the traditional distroless tooling, apko enables the creation of minimal, small-attack-surface images without the complications of…