-
I'm looking into this CVE in the `cgr.dev/chainguard/jenkins:latest` image :)
-
**What topic are you requesting a resource about?**
* **Chainguard product**
* Open source related
* Conceptual security related
* Other (please describe)
**Proposed title:**
TBD (potentiall…
-
Alpine's `apk` (and associated C libs) offer few methods for dealing with private repos; in fact, it appears http-basic-auth is the only available option. However, `apko` does not support http basic aut…
-
Hey there [Chainguard](https://github.com/chainguard-dev) here.
We noticed that you are using [Chainguard Images](https://github.com/chainguard-images/images), thank you! We wanted to make you aware …
-
I did have an initial attempt of getting melange bump to reuse pipeline mutation functions but that caused circular dependencies, i.e. functions in the `build` package use functions in `renovate` so `…
-
It would be nice to have packages alphabetized so it's easier to find if a particular package is there or not visually. Add verbiage saying this is the convention, update existing packages (this could…
-
## Currently
Currently in the Makefile the following code exists to download and build the protobuf dependencies from Tendermint https://github.com/cosmos/cosmos-sdk/blob/40180cda8fe96a11c4797a7faf63…
-
We should verify that an apk client (e.g. the `apk` command, apko, others?) can successfully install every package we produce. This should be a check in CI, and ideally it'd be easy to run locally, to…
-
When we fetch an APK, we fetch, expand, and install.
See `gcc`:
When we have a cache hit, we skip the fetch, but we still do the expand:
That 1.2s does not change across image builds …
-
**Describe the bug**
I noticed that we are still using `cosign download sbom` across the site, which accesses the unsigned SBOM.
We are moving away from the unsigned SBOMs (as part of the TF mig…