chainguard-images
May 25, 2024

chainguard-images is a curated collection of secure, minimal, and production-ready container images built on top of Chainguard’s distroless base images (Wolfi/Apko). By stripping out unnecessary tools, shells, package managers, and libraries, these images achieve an extremely small footprint and approach a Zero-CVE status by design.
This collection packages various applications and language runtimes, ensuring secure-by-default execution in modern container orchestration stacks.
Security Benefits of Distroless
- Minimizing Attack Surface: Removing standard shell binaries (/bin/sh, /bin/bash) and diagnostic tools prevents attackers from executing arbitrary commands upon compromise.
- Vulnerability Reduction: Eliminating unused packages results in container images that trigger fewer CVE alerts in security scanners.
- Secure Ingestion: Optimized for high-assurance and air-gapped container registries that require signed, low-overhead artifacts.
- Reproducible Builds: Compiled using secure and verifiable declarative build files.
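
One way to check the "no shell, no package manager" property from the list above before admitting an image to a registry, as an added example that is not part of the original page or of Chainguard's tooling. The deny-list, the directory list, the function names and both sample filesystems are assumptions constructed for the example.

```python
import io
import posixpath
import tarfile

# Assumed deny-list for this example (not an official Chainguard list):
# shells and package managers a distroless runtime image should not ship.
FORBIDDEN = {"sh", "bash", "ash", "dash", "busybox",
             "apk", "apt", "apt-get", "dpkg", "yum", "dnf"}
BIN_DIRS = {"bin", "sbin", "usr/bin", "usr/sbin", "usr/local/bin"}


def audit_rootfs(fileobj):
    """Return sorted paths of shells/package managers in a root filesystem tar.

    Symlinks and hard links count as findings: /bin/sh -> busybox still
    gives an intruder a working shell.
    """
    findings = set()
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            if not (member.isfile() or member.issym() or member.islnk()):
                continue
            # Normalise "./bin/sh", "/bin/sh" and "bin/sh" to "bin/sh".
            path = posixpath.normpath("/" + member.name).lstrip("/")
            directory, _, name = path.rpartition("/")
            if directory in BIN_DIRS and name in FORBIDDEN:
                findings.add("/" + path)
    return sorted(findings)


def build_sample_rootfs(entries):
    """Build a constructed in-memory tar from {path: symlink target or None}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, target in entries.items():
            info = tarfile.TarInfo(path)
            if target is not None:
                info.type = tarfile.SYMTYPE
                info.linkname = target
            tar.addfile(info)
    buf.seek(0)
    return buf


# Constructed sample filesystems, not taken from any real image.
DISTROLESS_SAMPLE = {"usr/bin/python3": None, "etc/passwd": None}
GENERAL_SAMPLE = {"./bin/busybox": None, "./bin/sh": "busybox",
                  "sbin/apk": None, "usr/bin/python3": None, "home/app/sh": None}

if __name__ == "__main__":
    for label, sample in (("distroless", DISTROLESS_SAMPLE), ("general", GENERAL_SAMPLE)):
        print(label, audit_rootfs(build_sample_rootfs(sample)))
```

For a real image, create a container from it with `docker create`, write its filesystem with `docker export -o rootfs.tar <container>`, and pass the opened file to `audit_rootfs`.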
