-
Automatically generate VEX statements based on call graph analysis or ignored vulnerabilities set in the scanner config.
-
```
$ docker run --platform=linux/amd64 --rm -it --pull always cgr.dev/chainguard/wolfi-base
latest: Pulling from chainguard/wolfi-base
Digest: sha256:3490ac41510e17846b30c9ebfc4a323dfdecbd9a35e7b0…
-
@vaikas @cpanato maybe we should beef up the `setup-kind` testing here to setup `sigstore/scaffolding`? Then we should be able to detect this pretty quickly 🤞
_Originally posted by @mattmo…
-
YAML file
```yaml
# SPDX-FileCopyrightText: 2023 Chainguard, Inc
# SPDX-License-Identifier: Apache-2.0
#
# This is a sample configuration file to demonstrate how to build a software
# project us…
-
Currently pkg/build/pipelines/python/import.yaml uses python3, this should be configurable
-
I am trying to achieve the following in Bazel, in order to migrate away from `rules_docker`:
- Base image pulled using `rules_oci`
- An Alpine package installed using apko (`git`)
- Final appl…
njlr updated
5 months ago
-
**What would you like to be added**:
FIPS 140-2 compliant images.
**Why is this needed**:
At Acquia we’re currently using this component as part of our globally distributed Kubernetes infrastruct…
-
**What topic are you requesting a resource about?**
* **Chainguard product**
* Open source related
* Conceptual security related
* Other (please describe)
**Proposed title:**
**Description:*…
-
https://github.com/ko-build/ko
1. What is the benefit?
2. Is there any trade-off?
3. Update container release github action to use ko
-
- https://containerd.io/docs/getting-started/