Migrate Archivista base image to Chainguard images

in-toto / archivista

Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for software artifacts.

Apache License 2.0

69 stars 24 forks source link

Migrate Archivista base image to Chainguard images #119

Open kairoaraujo opened 10 months ago

kairoaraujo commented 10 months ago

From the security supply chain perspective, Chainguard is doing great with its images. It would be interesting to migrate our base images for Archivista to Chainguard Golang images.

Dockerfile

I added some references below.

References

https://www.chainguard.dev/chainguard-images
https://thenewstack.io/chainguard-its-all-about-that-base-image/

kairoaraujo commented 10 months ago

Including the Image Digest Update (digestabot) See https://github.com/marketplace/actions/update-the-image-digest