-
We ran into this with bash-dev which has:
```
curl -sL https://packages.wolfi.dev/os/aarch64/bash-dev-5.2.21-r1.apk | tar -Oxz usr/lib/pkgconfig/bash.pc | grep Version
Version: 5.2-release
```
…
-
Today `apko` supports setting `SOURCE_DATE_EPOCH` to set the timestamp on images, but for Chainguard images we generally use the build timestamp because the `apko.yaml` config files rarely change, but…
-
It will be usefull to have rule to generate predicate for consuming at [attest](https://github.com/bazel-contrib/rules_oci/blob/main/cosign/private/attest.bzl) rule.
https://github.com/chainguard-dev…
-
Using `chainguard-dev/actions/melange-build@main` without specifying `sign-with-temporary-key` results in the key being generated (overwritten) regardless of the conditional @ https://github.com/chain…
-
I'm trying to get started with `rules_apko` and I'm failing to produce the `apko.lock.json` file. I have this, which I've copied from the examples:
```$ cat ./bazel/apko/base_images/wolfi/apko.yaml…
-
### What software would you like us to add to our image catalog? (one per issue please)
Please create tags or images for all supported Python versions (3.8 through 3.12 inclusive at the the time of t…
-
This broke our playground and led to pinning the version (for now):
https://github.com/chainguard-dev/playground/blob/163874895586ac06e051709e35b9ec79c84afce7/iac/main.tf#L12
-
Recently found out about (thanks @dlorenc!):
https://github.com/chainguard-dev/apko
https://github.com/chainguard-dev/melange
Which provide a toolchain to build fully composable OCI images out of…
-
**Description of the false positive**
This shouldn't be included because there is an adequate guard protecting against a path traversal payload.
**Code samples or links to source code**
```java…
-
# Summary
Propose to switch the official image from alpine based to [wolfi](https://github.com/wolfi-dev/os)-based image.
Wolfi is a distroless OS by Chainguard. Similar to Google's distroless p…