https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/Recent content in Staying Secure onHugo -- gohugo.ioenCopyright (c) 2023 ChainguardThu, 19 Dec 2024 08:49:15 +0000https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/cve-risk/Thu, 16 Nov 2023 11:07:52 +0200https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/cve-risk/<p><a href="https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/software-security/cves/cve-intro/#what-is-a-cve">Common vulnerabilities and exposures</a> (CVEs) are an increasing concern for developers and organizations, which is why Chainguard developed its minimal container images that reduce the attack surface. A new CVE in a widely-used application or a vulnerability scan with numerous positive results can significantly impact security posture, compliance requirements, and development timelines.</p> <p>Chances are, your software has already been impacted by a CVE. It&rsquo;s likely there are active CVEs in software you are using. After all, there are software vulnerabilities currently in existence that haven&rsquo;t even been discovered (known as <a href="https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/software-security/glossary/#zero-day">zero-day vulnerabilities</a>). With that said, this conceptual article aims to highlight a few practices and strategies you and your team can use to reduce the risk of CVEs on your software. It also includes a section on <a href="https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/cve-risk/#recommended-tools">tools recommended by Chainguard</a> that can help to reduce your attack surface area and minimize your risk of CVEs.</p>https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/fedramp-considerations/Wed, 29 Jan 2025 15:56:52 -0700https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/fedramp-considerations/<p>Many frequently asked questions revolve around how organizations are meant to stay on top of the changing landscape for FedRAMP, PMOS, Revisions, and Certificates. This article outlines various considerations and risk factors that organizations should keep in mind when working to become and stay FedRAMP authorized.</p> <h2 id="important-considerations-for-pmo-revision-trends" class="heading-2" data-heading-level="2"> <span class="heading-text">Important Considerations for PMO Revision Trends</span> <a href="#important-considerations-for-pmo-revision-trends" class="anchor" aria-label="Link to Important Considerations for PMO Revision Trends" title="Link to this section"> <svg width="16" height="9" viewBox="0 0 16 9" fill="none" xmlns="http://www.w3.org/2000/svg" aria-hidden="true"> <path d="M6.833 8.125H4C3 8.125 2.146 7.77067 1.438 7.062C0.729333 6.354 0.375 5.5 0.375 4.5C0.375 3.5 0.729333 2.646 1.438 1.938C2.146 1.22933 3 0.875 4 0.875H6.833V1.958H4C3.30533 1.958 2.708 2.208 2.208 2.708C1.708 3.208 1.458 3.80533 1.458 4.5C1.458 5.19467 1.708 5.792 2.208 6.292C2.708 6.792 3.30533 7.042 4 7.042H6.833V8.125ZM5.208 5.042V3.958H10.792V5.042H5.208ZM9.167 8.125V7.042H12C12.6947 7.042 13.292 6.792 13.792 6.292C14.292 5.792 14.542 5.19467 14.542 4.5C14.542 3.80533 14.292 3.208 13.792 2.708C13.292 2.208 12.6947 1.958 12 1.958H9.167V0.875H12C13 0.875 13.854 1.22933 14.562 1.938C15.2707 2.646 15.625 3.5 15.625 4.5C15.625 5.5 15.2707 6.354 14.562 7.062C13.854 7.77067 13 8.125 12 8.125H9.167Z" fill="currentColor"/> </svg> </a> </h2><p>There are a number of things one should keep in mind when analyzing revision trends from the FedRAMP Program Management Office (PMO) — which oversees the development of the FedRAMP program — and the changes in <a href="https://csrc.nist.gov/projects/fips-140-3-transition-effort">FIPS 140-3</a>. The following are of particular importance:</p>https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/repro/Mon, 20 May 2024 12:21:01 +0000https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/repro/<div style="position: relative; padding-bottom: 56.25%; height: 0; overflow: hidden;"> <iframe allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share; fullscreen" loading="eager" referrerpolicy="strict-origin-when-cross-origin" src="https://www.youtube.com/embed/0Qn2J89UEvI?autoplay=0&amp;controls=1&amp;end=0&amp;loop=0&amp;mute=0&amp;start=0" style="position: absolute; top: 0; left: 0; width: 100%; height: 100%; border:0;" title="YouTube video"></iframe> </div> <h2 id="clarification" class="heading-2" data-heading-level="2"> <span class="heading-text">Clarification</span> <a href="#clarification" class="anchor" aria-label="Link to Clarification" title="Link to this section"> <svg width="16" height="9" viewBox="0 0 16 9" fill="none" xmlns="http://www.w3.org/2000/svg" aria-hidden="true"> <path d="M6.833 8.125H4C3 8.125 2.146 7.77067 1.438 7.062C0.729333 6.354 0.375 5.5 0.375 4.5C0.375 3.5 0.729333 2.646 1.438 1.938C2.146 1.22933 3 0.875 4 0.875H6.833V1.958H4C3.30533 1.958 2.708 2.208 2.208 2.708C1.708 3.208 1.458 3.80533 1.458 4.5C1.458 5.19467 1.708 5.792 2.208 6.292C2.708 6.792 3.30533 7.042 4 7.042H6.833V8.125ZM5.208 5.042V3.958H10.792V5.042H5.208ZM9.167 8.125V7.042H12C12.6947 7.042 13.292 6.792 13.792 6.292C14.292 5.792 14.542 5.19467 14.542 4.5C14.542 3.80533 14.292 3.208 13.792 2.708C13.292 2.208 12.6947 1.958 12 1.958H9.167V0.875H12C13 0.875 13.854 1.22933 14.562 1.938C15.2707 2.646 15.625 3.5 15.625 4.5C15.625 5.5 15.2707 6.354 14.562 7.062C13.854 7.77067 13 8.125 12 8.125H9.167Z" fill="currentColor"/> </svg> </a> </h2><p>In this video we mention needing to keep copies of old APKs in order to be able to recreate images. This wasn&rsquo;t fully accurate — in fact we do keep all our previously issued APKs, so you can build images from months (and in the future, years) ago without issue. We currently retain all of these package versions indefinitely (only servicing latest), but in the future we may age things out just to manage the size of the index.</p>https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/updating-images/Thu, 19 Dec 2024 08:49:15 +0000https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/updating-images/https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/security-advisories/Fri, 26 Jul 2024 18:09:12 +0000https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/security-advisories/https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/working-with-scanners/Mon, 17 Jun 2024 08:49:15 +0000https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/working-with-scanners/https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/enforcement/Tue, 02 Sep 2025 10:00:00 +0000https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/enforcement/