Chainguard Images / Wolfi

Definition

Chainguard Images are a set of minimal, hardened container images designed to improve software supply chain security by reducing the attack surface and including only the components a workload actually needs. They are built from scratch with security best practices such as running as a non-root user and using reproducible builds, so that the contents of an image can be verified and are transparent to its consumers. Wolfi is a Linux distribution crafted specifically for containerized environments; it provides the base on which Chainguard Images are built and is optimized for security and compliance.

Secure Settings Example

apiVersion: v1
kind: Pod
metadata:
  name: secure-pod
spec:
  containers:
  - name: secure-container
    image: wolfi-secure-image:latest
    securityContext:
      runAsNonRoot: true              # kubelet refuses to start the container as UID 0
      readOnlyRootFilesystem: true    # writes must go to explicitly mounted volumes
      capabilities:
        drop:
        - ALL                         # start from zero Linux capabilities

Insecure Settings Example

apiVersion: v1
kind: Pod
metadata:
  name: insecure-pod
spec:
  containers:
  - name: insecure-container
    image: wolfi-insecure-image:latest
    securityContext:
      runAsNonRoot: false             # container may run as root
      readOnlyRootFilesystem: false   # image filesystem can be modified at runtime
      capabilities:
        add:
        - NET_ADMIN                   # allows interface, routing and firewall changes
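To make the difference between the two manifests checkable rather than eyeballed, here is an added Python audit (not Chainguard's or this page's own code) that applies the page's three settings to a Pod manifest and adds one supply-chain check on image pinning that the page does not mention. It assumes the manifests have already been loaded into Python dicts (for example with PyYAML), so the two examples above are transcribed inline as dicts.

```python
from typing import Any

# Constructed transcriptions of the two manifests on this page.
SECURE_POD: dict[str, Any] = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "secure-pod"},
    "spec": {"containers": [{
        "name": "secure-container", "image": "wolfi-secure-image:latest",
        "securityContext": {"runAsNonRoot": True, "readOnlyRootFilesystem": True,
                            "capabilities": {"drop": ["ALL"]}}}]},
}
INSECURE_POD: dict[str, Any] = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "insecure-pod"},
    "spec": {"containers": [{
        "name": "insecure-container", "image": "wolfi-insecure-image:latest",
        "securityContext": {"runAsNonRoot": False, "readOnlyRootFilesystem": False,
                            "capabilities": {"add": ["NET_ADMIN"]}}}]},
}

def _all_containers(pod: dict[str, Any]) -> list[dict[str, Any]]:
    spec = pod.get("spec") or {}
    return list(spec.get("containers") or []) + list(spec.get("initContainers") or [])

def audit_pod(pod: dict[str, Any]) -> list[str]:
    """One finding per hardening setting a container fails to meet.

    A missing field counts as a failure: Kubernetes defaults runAsNonRoot and
    readOnlyRootFilesystem to false and drops no capabilities on its own.
    """
    findings: list[str] = []
    for c in _all_containers(pod):
        name = c.get("name", "<unnamed>")
        sc = c.get("securityContext") or {}
        caps = sc.get("capabilities") or {}
        if sc.get("runAsNonRoot") is not True:
            findings.append(f"{name}: runAsNonRoot is not true")
        if sc.get("readOnlyRootFilesystem") is not True:
            findings.append(f"{name}: readOnlyRootFilesystem is not true")
        if "ALL" not in (caps.get("drop") or []):
            findings.append(f"{name}: capabilities.drop does not include ALL")
        for cap in caps.get("add") or []:
            findings.append(f"{name}: capability {cap} added back")
    return findings

def unpinned_images(pod: dict[str, Any]) -> list[str]:
    """Images referenced by a mutable tag instead of an immutable sha256 digest.
    Added supply-chain check: even the page's secure example uses ':latest'."""
    return [c["image"] for c in _all_containers(pod) if "@sha256:" not in c.get("image", "")]
```

Note that the secure manifest passes `audit_pod` but still shows up in `unpinned_images`: a tag like `:latest` can resolve to a different image between deployments, so pinning by digest is what ties a deployment to a specific reproducible build.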