# Chainguard Academy > Documentation, tutorials, and resources for Chainguard products and software supply chain security. ## Chainguard Products - [Chainguard VMs Overview](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/vms/overview.md): Chainguard VMs are designed for minimalism, security, and operational clarity. - [Overview of Chainguard's Package Repositories](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/features/packages/package-model.md): Overview of Chainguard's package repositories, highlighting the different repositories and how to access them. - [Build Java Containers with Jib](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/tooling/building-java-containers-with-jib.md): In this tutorial, you'll learn how to build minimal Java containers using Jib and Chainguard base images - [Build Go Containers with Ko](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/tooling/building-go-containers-with-ko.md): In this tutorial, you'll learn how to build minimal Go Containers using Ko and Chainguard base images - [Chainguard Libraries overview](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/libraries/overview.md): Learn about Chainguard Libraries, providing enhanced security for Java, JavaScript, and Python dependencies through automated patching and comprehensive supply chain protection. - [Quick start for Chainguard Libraries](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/libraries/quickstart.md): Learn how to get started with Chainguard Libraries - [Overview of Chainguard Custom Assembly](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/features/ca-docs/custom-assembly.md): How to use Chainguard's Custom Assembly tool - [Chainguard Libraries access](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/libraries/access.md): Learn how to access Chainguard Libraries for enhanced security in Java and Python dependencies, including authentication and organization setup - [Custom Assembly FAQs](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/features/ca-docs/faq.md): Answers to your questions about Chainguard's Custom Assembly tool - [Getting Started with the C/C++ Chainguard Containers](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/getting-started/c.md): Learn how to compile and run C/C++ applications using Chainguard's security-hardened containers with minimal CVEs and optimized runtime environments - [Chainguard Libraries network requirements](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/libraries/network-requirements.md): Learn the network requirements for accessing Chainguard Libraries, including domains needed for authentication, package downloads, and verification tools - [Chainguard Libraries verification](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/libraries/verification.md): Learn how to verify libraries and packages are from Chainguard Libraries using the chainctl tool for enhanced supply chain security - [Chainguard End-of-Life Grace Period for Containers](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/features/eol-gp-overview.md): Understanding Chainguard's end-of-life (EOL) grace period. - [Chainguard Criteria for Determining Whether to Build a Container Image](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/about/what-chainguard-will-build.md): An overview of what Chainguard will build - [Chainguard VMs Compliance Features](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/vms/compliance-features.md): Learn about supported compliance features for Chainguard VMs - [Kubernetes Policy Enforcement with OPA Gatekeeper](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/enforcement/opa-gatekeeper.md): How to enforce best practices and ensure compliance with OPA Gatekeeper. - [Using the Chainguard Console to Manage Custom Assembly Resources](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/features/ca-docs/custom-assembly-console.md): How to use Chainguard's Custom Assembly tool in the Chainguard console. - [Chainguard Shared Responsibility Model](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/about/shared-responsibility-model.md): Reference guide outlining Chainguard's Shared Responsibility model: a framework that clarifies security obligations for hardened container images. - [How to Set Up Pull Through from Chainguard's Registry to Google Artifact Registry](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/chainguard-registry/pull-through-guides/artifact-registry-pull-through.md): Tutorial outlining how to set up a Google Artifact Registry repository to pull Containers through from Chainguard's registry. - [How to Set Up Pull-through from Chainguard's Container Registry to Artifactory](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/chainguard-registry/pull-through-guides/artifactory/artifactory-images-pull-through.md): Tutorial outlining how to set up a remote Artifactory repository to pull images through Chainguard's container registry. - [Getting Started with the Cilium Chainguard Containers](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/getting-started/cilium.md): Learn how to deploy Cilium CNI using Chainguard's security-hardened container images for enhanced Kubernetes network security with eBPF - [Strategies for Minimizing your CVE Risk](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/cve-risk.md): Learn strategies for minimizing CVE risk in container images, including how Chainguard's approach to minimal images and rapid patching helps reduce vulnerabilities - [Considerations for Keeping Containers Up to Date](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/updating-images/considerations-for-image-updates.md): Learn best practices for updating container images, including Chainguard's approach to daily rebuilds, semantic versioning, and balancing security with stability - [Debugging distroless container images](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/troubleshooting/debugging-distroless-images.md): In this article, we'll discuss a few different strategies to debug distroless images, considering these images typically don't include a shell or package managers. - [Registry Overview](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/chainguard-registry/overview.md): Learn about Chainguard's container registry, including public access to free images, authenticated access for production images, and network requirements - [Overview of Chainguard Containers](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/overview.md): Learn about Chainguard Containers, distroless images, and how they provide enhanced security through minimal attack surface and comprehensive supply chain features. - [CVE remediation for Chainguard Libraries](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/libraries/cve-remediation.md): An overview of the CVE remediation feature for Chainguard Libraries - [How to Set Up Pull Through from Chainguard's Registry to Amazon ECR](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/chainguard-registry/pull-through-guides/ecr-pull-through.md): Overview of using Amazon ECR as a pull-through cache for Chainguard's registry. - [Vulnerability scanners and Chainguard Libraries](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/libraries/scanners.md): Details for using vulnerability scanners with Chainguard Libraries. - [Browsing Chainguard Libraries](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/libraries/browse.md): Searching, browsing, and inspecting Chainguard Libraries in the console - [FedRAMP Technical Considerations & Risk Factors](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/fedramp-considerations.md): A conceptual overview of Chainguard FIPS Containers. - [Overview of Chainguard Repository](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-repository/overview.md): Chainguard Repository Overview - [Chainguard VMs FAQ](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/vms/faq.md): Frequently asked questions about Chainguard VMs, including availability, supported ecosystems, compliance, and more - [Kubernetes Policy Enforcement with Kyverno](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/enforcement/kyverno.md): How to enforce best practices and ensure compliance with Kyverno. - [Overview of Chainguard OS](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-os/overview.md): Learn about Chainguard OS, the security-focused operating system that powers Chainguard containers with continuous updates, minimal attack surface, and enterprise-grade security features - [Using chainctl to Manage Custom Assembly Resources](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/features/ca-docs/custom-assembly-chainctl.md): How to use chainctl to manage Custom Assembly resources. - [Chainguard Libraries for Python overview](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/libraries/python/overview.md): Learn about Chainguard Libraries for Python, providing enhanced security for PyPI packages through automated vulnerability patching and supply chain protection - [Chainguard Libraries FAQ](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/libraries/faq.md): Frequently asked questions about Chainguard Libraries, including security benefits, supported ecosystems, and how automated patching protects against supply chain attacks - [How End-of-Life Software Accumulates Vulnerabilities](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/updating-images/how-eol-software-accumulates-cves.md): A conceptual article outlining the risk involved with using EOL software and how EOL images accrue vulnerabilities. - [How to Pull Packages from Chainguard Package Repositories through Artifactory](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/chainguard-registry/pull-through-guides/artifactory/artifactory-packages-pull-through.md): Tutorial for setting up remote Artifactory repositories as pull-through caches for apk packages from Chainguard's package repositories. - [STIGs for Chainguard Containers](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/features/image-stigs.md): A conceptual overview of Security Technical Implementation Guides, which are available for Chainguard Containers. - [Reproducibility and Chainguard Containers](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/repro.md): This video explains the importance of reproducibility and how to recreate any Chainguard image from an attestation. - [Getting Started with Distroless Container Images](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/about/getting-started-distroless.md): Why distroless containers are more secure: Chainguard's approach removes shells, package managers, and unnecessary components to minimize attack surface while maintaining compatibility - [Debugging Distroless Containers with Docker Debug](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/troubleshooting/debugging_distroless.md): How to use the Docker Debug feature to debug Distroless and minimal containers - [How to Use Chainguard Security Advisories](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/security-advisories/how-to-use.md): Article outlining how one can explore and use the Security Advisories found on the Chainguard Container Directory. - [Chainguard Containers Network Requirements](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/network-requirements.md): Using Chainguard Containers with firewalls, access control lists, and proxies. - [Getting Started with the Go Chainguard Container](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/getting-started/go.md): Learn how to build more secure Go applications with Chainguard's Go container images, featuring minimal attack surface and multi-stage build patterns for optimized runtime - [How to Use Chainguard Containers](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/how-to-use/how-to-use-chainguard-images.md): Learn how to use Chainguard Containers in your applications, including pulling images, extending base images, and migrating from traditional container images - [Using GitOps to Manage Custom Assembly Resources](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/features/ca-docs/custom-assembly-gitops.md): How to use GitOps to manage Custom Assembly resources. - [Requesting New Chainguard Resources](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/features/request-resources.md): How to submit requests for Chainguard to build new resources in the Console. - [How to Sync Images from Chainguard's Registry to Harbor](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/chainguard-registry/pull-through-guides/harbor.md): Tutorial outlining how to sync images from Chainguard's registry to Harbor. - [Using the Chainguard API to Manage Custom Assembly Resources](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/features/ca-docs/custom-assembly-api-demo.md): How to use the Chainguard API to manage Custom Assembly resources. - [Strategies and Tooling for Updating Containers](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/updating-images/strategies-tools-updating-images.md): A conceptual article outlining different strategies and tools for keeping images up to date and avoiding the use of end-of-life software. - [Debugging Distroless Container Images with Kubectl Debug and CDebug](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/troubleshooting/kubectl_cdebug.md): This video explains how to use the Kubectl and cdebug tools to investigate failing containers. It focuses on how to debug distroless images with no shell where traditional 'exec' commands don't work. - [How to Set Up Pull Through from Chainguard's Registry to Nexus](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/chainguard-registry/pull-through-guides/nexus-pull-through.md): Tutorial outlining how to set up a Nexus repository to pull container images through from Chainguard's registry. - [How Chainguard Containers are Tested](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/about/images-testing.md): A conceptual article outlining testing requirements for Chainguard Containers. - [Getting Started with the Chainguard Istio Containers](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/getting-started/istio.md): Learn how to deploy Istio service mesh using Chainguard's security-hardened Istio images with reduced vulnerabilities and minimal attack surface - [Chainguard OS Packages](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-os/chainguard-os-packages.md): Chainguard OS Packages - [Adding Custom Certificates with Custom Assembly](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/features/ca-docs/custom-assembly-certs.md): How to add custom certificates to customized images with Custom Assembly. - [Chainguard's container variants](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/about/differences-development-production.md): Learn about Chainguard's development container images and how they differ from our standard images. - [How Chainguard Issues Security Advisories](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/security-advisories/how-chainguard-issues.md): The life cycle of Chainguard-Issued Security Advisories - [How to Set Up Pull Through from Chainguard's Registry to Cloudsmith](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/chainguard-registry/pull-through-guides/cloudsmith-pull-through.md): Tutorial outlining how to set up a Cloudsmith repository to pull Containers through from Chainguard's Registry. - [Getting Started with the Laravel Chainguard Container](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/getting-started/laravel.md): Learn how to use Chainguard's Laravel container image for secure PHP web applications, featuring built-in Laravel tooling and minimal vulnerabilities - [Using the Chainguard Console](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/console/images-directory.md): A walkthrough of the Chainguard Console. - [Using Renovate with Chainguard Containers](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/updating-images/renovate.md): How to use Renovate to automatically keep Chainguard Containers updated - [Using the Tag History API](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/features/using-the-tag-history-api.md): Learn how to use the Chainguard Containers Tag History API to fetch the tag history of image variants. - [Using CVE Visualizations](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/features/cve_visualizations.md): Getting started with the CVE Visualization feature. - [Keep your Chainguard Containers Up to Date with digestabot](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/updating-images/digestabot.md): This video explains how to use digestabot, a free GitHub action we created to make it easier for public users to keep their Chainguard Containers fresh. - [Chainguard Containers Product Release Lifecycle](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/about/versions.md): Understanding Chainguard's approach to container image versions. - [Getting Started with the MariaDB Chainguard Container](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/getting-started/mariadb.md): Learn how to deploy MariaDB databases using Chainguard's security-hardened container image with minimal vulnerabilities and distroless design - [Understanding Chainguard's Container Image Categories](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/about/images-categories.md): Reference guide outlining how Chainguard Containers are categorized. - [How to Use Chainguard Notifications](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/console/use-chainguard-notifications.md): A primer on how to configure Chainguard Notifications - [Chainguard OS FAQs](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-os/faq.md): Frequently asked questions about Chainguard OS, the secure operating system powering production Chainguard containers with enterprise features and continuous updates - [Using wolfictl to Manage Security Advisories](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/security-advisories/managing-advisories.md): Guide on how to use the wolfictl tool to create, update, and manage security advisories - [Getting Started with the NeMo Chainguard Container](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/getting-started/nemo.md): Learn how to use Chainguard's NeMo container image for conversational AI with enhanced security, minimal CVEs, and GPU acceleration support - [False Positives and False Negatives with Container Images Scanners](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/working-with-scanners/false-results.md): An overview of the formation of false positive and false negative vulnerability results in container image scanners - [How To Use incert to Create Container Images with Built-in Custom Certificates](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/features/incert-custom-certs.md): An overview of how to use incert — a Go program from Chainguard — to create container images with custom certificates built-in to them. - [How Chainguard Creates Container Images with Low-to-No CVEs](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/about/zerocve.md): Chainguard creates more secure container images with zero CVEs through minimal packages, rapid updates, and proactive security advisories - learn how we eliminate vulnerabilities - [Unique Tags for Chainguard Containers](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/features/unique-tags.md): Learn about Chainguard's Unique Tags feature for production container images, enabling precise version tracking and automated deployment workflows with timestamped tags - [Getting Started with the nginx Chainguard Container](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/getting-started/nginx.md): Learn how to deploy nginx web server using Chainguard's security-hardened container image with minimal vulnerabilities and distroless runtime - [Using the Chainguard Directory](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/how-to-use/chainguard-directory.md): A walkthrough of the Chainguard Directory. - [Getting Started with the Node Chainguard Container](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/getting-started/node.md): Learn how to use Chainguard's Node.js container images for secure JavaScript applications with minimal vulnerabilities, distroless design, and built-in npm support - [Getting Started with the PHP Chainguard Container](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/getting-started/php.md): Learn how to use Chainguard's PHP container images for secure web applications, featuring FPM and CLI variants with minimal vulnerabilities and reduced attack surface - [Package and Image Name Mappings](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/about/package-name-mappings.md): Understanding how Chainguard maps upstream package and image names to Chainguard Containers - [Can anybody build Chainguard Containers themselves?](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/about/can-anybody-build-containers.md): Dustin Kirkland discusses whether users can build Chainguard Containers on their own - [How to Use Chainguard Helm Charts](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/how-to-use/use-chainguard-helm-charts.md): A primer on how to use Chainguard-provided upstream Helm charts to deploy Chainguard container images - [Beyond Zero: Eliminating Vulnerabilities in PyTorch Container Images (PyTorch 2024)](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/about/beyond_zero_pytorch_2024.md): Video and transcript of presentation at PyTorch 2024 on eliminating CVEs in the PyTorch image, drawing on best practices from Chainguard Containers - [Getting Started with the PostgreSQL Chainguard Container](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/getting-started/postgres.md): Learn how to deploy PostgreSQL databases using Chainguard's security-hardened container image with minimal vulnerabilities and distroless design - [Authenticate to Chainguard's Registry](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/chainguard-registry/authenticating.md): A guide on authenticating to Chainguard's registry to get container images - [Chainguard Libraries for JavaScript overview](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/libraries/javascript/overview.md): JavaScript libraries for your application development - [Chainguard Libraries for Java overview](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/libraries/java/overview.md): Learn about Chainguard Libraries for Java, providing enhanced security for Maven dependencies through automated vulnerability patching and supply chain protection - [Global configuration](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/libraries/javascript/global-configuration.md): Configuring Chainguard Libraries for JavaScript in your organization - [Global configuration](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/libraries/java/global-configuration.md): Configuring Chainguard Libraries for Java in your organization - [Global configuration](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/libraries/python/global-configuration.md): Configuring Chainguard Libraries for Python in your organization - [Build configuration](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/libraries/javascript/build-configuration.md): Configuring Chainguard Libraries for JavaScript on your workstation - [Build configuration](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/libraries/java/build-configuration.md): Configuring Chainguard Libraries for Java on your workstation - [Build configuration](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/libraries/python/build-configuration.md): Configuring Chainguard Libraries for Python on your workstation - [Management and maintenance](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/libraries/java/management.md): Learn how to manage and maintain Chainguard Libraries for Java, including dependency updates, verification, and monitoring security improvements - [Management and maintenance](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/libraries/python/management.md): Learn how to manage and maintain Chainguard Libraries for Python, including package updates, verification, and monitoring security improvements - [Chainguard Container Catalog Pricing](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/about/pricing.md): Overview of Chainguard's Container Catalog Pricing model and how to add container images to your organization through the Self-Serve Catalog Experience. - [How to Use Chainguard iamguarded Helm Charts](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/how-to-use/use-chainguard-iamguarded-helm-charts.md): A primer on how to use Chainguard-produced iamguarded Helm charts to deploy Chainguard container images - [Getting Started with the Python Chainguard Container](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/getting-started/python.md): Learn how to use Chainguard's Python container images for secure Python applications with minimal CVEs, distroless design, and comprehensive supply chain security features - [Migrating a JavaScript Project to Chainguard Libraries](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/libraries/javascript/migration.md): How to migrate an existing JavaScript project to pull dependencies from Chainguard Libraries - [Chainguard Catalog Starter](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/about/catalog-starter.md): Learn about Chainguard Catalog Starter, an offering allowing teams to try out five Chainguard container images for free. - [Proxy and cache Helm Charts with Artifactory](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/how-to-use/proxy-and-cache.md): Use Artifactory to proxy and cache Chainguard iamguarded Helm charts - [Getting Started with the PyTorch Chainguard Container](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/getting-started/pytorch.md): Learn how to use Chainguard's PyTorch container image for deep learning with enhanced security, minimal CVEs, and GPU acceleration support - [Chainguard Containers FAQs](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/faq.md): Chainguard container FAQs: why they have zero CVEs, how they compare to DockerHub, what makes them more secure, pricing, and enterprise deployment best practices - [Getting Started with the MinIO Chainguard Container](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/getting-started/minio.md): Learn how to deploy MinIO object storage with Chainguard's secure, minimal container images for S3-compatible storage solutions with reduced vulnerabilities - [Getting Started with the Ruby Chainguard Container](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/getting-started/ruby.md): Learn how to use Chainguard's Ruby container images for secure Ruby applications, including multi-stage builds for Rubygems and minimal runtime images - [Getting started with the Chainguard Spark FIPS container](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/getting-started/spark-fips.md): Learn how to run Apache Spark workloads with FIPS 140-3 cryptography using Chainguard's Spark FIPS container, including BCFKS keystore setup and Kubernetes cluster-mode deployment with the Spark Operator - [How does Chainguard Libraries plug into a developer's workflow?](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/libraries/how-libraries-plug-into-workflow.md): Interview with Dustin Kirkland explaining how Chainguard Libraries integrate seamlessly into existing developer workflows - [How does Chainguard Libraries help developers?](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/libraries/how-libraries-help-developers.md): Interview with Dustin Kirkland about the benefits Chainguard Libraries provide to developers - [How to Use Chainguard Containers with OpenShift](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/how-to-use/use-with-openshift.md): Learn how to deploy Chainguard Containers on Red Hat OpenShift, including security context adjustments and permission configurations for enhanced security - [Getting Started with the WordPress Chainguard Container](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/getting-started/wordpress.md): Learn how to deploy WordPress using Chainguard's security-hardened container image with reduced vulnerabilities and distroless runtime options - [Setting Up a Minecraft Server with the JRE Chainguard Container](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/getting-started/jre-minecraft.md): Learn how to set up a secure Minecraft Java server using Chainguard's JRE container image with minimal vulnerabilities and enhanced security features - [Using Chainguard Containers in Dev Containers](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/how-to-use/dev-containers.md): Guide outlining how you can use Chainguard Containers as Dev Containers for secure development. - [Using Grype to Scan Software Artifacts](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/working-with-scanners/grype-tutorial.md): Learn to use Grype to detect CVEs in images - [Using Init Containers with Chainguard Containers](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/how-to-use/init-containers.md): Example showing how to use an init container to configure Chainguard's minimal nginx container image. - [Using Trivy to Scan Software Artifacts](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/working-with-scanners/trivy-tutorial.md): Learn to use Trivy to analyze container images and other software artifacts for a variety of issues - [Using the Chainguard Static Base Container Image](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/how-to-use/static-base-image.md): Video demonstration of how to use the Chainguard static base image to create minimal images - [How to Use Container Image Digests to Improve Reproducibility](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/how-to-use/container-image-digests.md): Learn how to use container image digests with Chainguard Containers for reproducible deployments and version pinning in production environments - [Reproducible Dockerfiles with Frizbee and Digestabot](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/how-to-use/digestabot_frizbee.md): How to avoid issues with flaky Dockerfiles by using Frizbee and Digestabot to pin images to digests. - [Getting Software Versions from Chainguard Containers](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/how-to-use/version-info-chainguard-images.md): Video demonstration of how to get the software version information from Chainguard Containers - [Building Minimal Container Images for Applications with Runtimes](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/how-to-use/minimal-runtime-images.md): Learn how to create minimal container images for runtime-based applications using Chainguard's security-focused approach, reducing vulnerabilities in Java and similar environments - [Choosing a Container for your Compiled Programs](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/about/images-compiled-programs/compiled-programs.md): An overview comparing various Chainguard Containers for compiled programs - [glibc vs. musl](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/about/images-compiled-programs/glibc-vs-musl.md): An overview of the differences between glibc and musl. - [Vulnerability Comparison: bash](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/vuln-comparison/bash.md) - [Vulnerability Comparison: busybox](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/vuln-comparison/busybox.md) - [Vulnerability Comparison: curl](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/vuln-comparison/curl.md) - [Vulnerability Comparison: deno](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/vuln-comparison/deno.md) - [Vulnerability Comparison: dex](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/vuln-comparison/dex.md) - [Vulnerability Comparison: dotnet-runtime](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/vuln-comparison/dotnet-runtime.md) - [Vulnerability Comparison: dotnet-sdk](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/vuln-comparison/dotnet-sdk.md) - [Vulnerability Comparison: etcd](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/vuln-comparison/etcd.md) - [Vulnerability Comparison: git](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/vuln-comparison/git.md) - [Vulnerability Comparison: go](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/vuln-comparison/go.md) - [Vulnerability Comparison: gradle](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/vuln-comparison/gradle.md) - [Vulnerability Comparison: haproxy](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/vuln-comparison/haproxy.md) - [Vulnerability Comparison: jenkins](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/vuln-comparison/jenkins.md) - [Vulnerability Comparison: kube-state-metrics](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/vuln-comparison/kube-state-metrics.md) - [Vulnerability Comparison: mariadb](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/vuln-comparison/mariadb.md) - [Vulnerability Comparison: maven](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/vuln-comparison/maven.md) - [Vulnerability Comparison: memcached](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/vuln-comparison/memcached.md) - [Vulnerability Comparison: minio](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/vuln-comparison/minio.md) - [Vulnerability Comparison: minio-client](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/vuln-comparison/minio-client.md) - [Vulnerability Comparison: nats](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/vuln-comparison/nats.md) - [Vulnerability Comparison: nginx](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/vuln-comparison/nginx.md) - [Vulnerability Comparison: node](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/vuln-comparison/node.md) - [Vulnerability Comparison: opensearch](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/vuln-comparison/opensearch.md) - [Vulnerability Comparison: php](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/vuln-comparison/php.md) - [Vulnerability Comparison: postgres](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/vuln-comparison/postgres.md) - [Vulnerability Comparison: python](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/vuln-comparison/python.md) - [Vulnerability Comparison: r-base](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/vuln-comparison/r-base.md) - [Vulnerability Comparison: rabbitmq](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/vuln-comparison/rabbitmq.md) - [Vulnerability Comparison: redis](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/vuln-comparison/redis.md) - [Vulnerability Comparison: ruby](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/vuln-comparison/ruby.md) - [Vulnerability Comparison: rust](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/vuln-comparison/rust.md) - [Vulnerability Comparison: telegraf](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/vuln-comparison/telegraf.md) - [Vulnerability Comparison: traefik](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/vuln-comparison/traefik.md) - [Vulnerability Comparison: wait-for-it](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/vuln-comparison/wait-for-it.md) - [Vulnerability Comparison: wolfi-base](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/vuln-comparison/wolfi-base.md) - [Vulnerability Comparison: zookeeper](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/vuln-comparison/zookeeper.md) - [Installing APK packages in distroless variants](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/how-to-use/install-apks-in-distroless-variants.md): Learn how to install APK packages into Chainguard's distroless container images that do not include package managers - [Chainguard's Private APK Repositories](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/features/packages/private-apk-repos.md): An overview of how to work with Chainguard's Private APK Repositories. - [Verifying Chainguard Containers and Metadata Signatures with Cosign](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/how-to-use/verifying-chainguard-images-and-metadata-signatures-with-cosign.md): Learn how to verify Chainguard Container signatures and attestations with Cosign for supply chain security, ensuring image authenticity and integrity - [How to Retrieve SBOMs and attestations for Chainguard Containers](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/how-to-use/retrieve-image-sboms.md): How to get SBOM for container images: Chainguard provides Software Bill of Materials for every image - retrieve with Cosign for complete supply chain transparency ## Open Source - [Octo STS Overview](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/octo-sts/overview.md): Learn about Octo STS, an open source security token service for GitHub that uses OIDC federation to eliminate long-lived Personal Access Tokens - [How to Install Sigstore Policy Controller](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/sigstore/policy-controller/how-to-install-policy-controller.md): Install the Sigstore Policy Controller into a Kubernetes Cluster - [An Introduction to Rekor](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/sigstore/rekor/an-introduction-to-rekor.md): Understanding Rekor, the transparency log of Rekor - [An Introduction to Cosign](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/sigstore/cosign/an-introduction-to-cosign.md): Understanding Cosign, a project under Sigstore - [How to Install the Rekor CLI](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/sigstore/rekor/how-to-install-rekor.md): An overview of how to instal rekor-cli to query the Sigstore transparency log - [How to Install Cosign](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/sigstore/cosign/how-to-install-cosign.md): Details for installing Cosign across operating systems - [How to Query Rekor](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/sigstore/rekor/how-to-query-rekor.md): Access the data stored in Sigstore's transparency log, Rekor - [How to Sign a Container with Cosign](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/sigstore/cosign/how-to-sign-a-container-with-cosign.md): Signing containers with Cosign - [How to Sign and Upload Metadata to Rekor](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/sigstore/rekor/how-to-sign-and-upload-metadata-to-rekor.md): Use the Rekor CLI to sign and upload metadata to the Sigstore transparency log - [How to Sign Blobs and Standard Files with Cosign](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/sigstore/cosign/how-to-sign-blobs-with-cosign.md): Use Cosign to sign non-container software artifacts - [How to Set Up An Instance of Rekor Instance Locally](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/sigstore/rekor/install-a-rekor-instance.md): Create your own instance of the Rekor transparency log - [What is an SBOM (software bill of materials)?](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/sbom/what-is-an-sbom.md): Learn what Software Bill of Materials (SBOM) are, why they're essential for supply chain security, and how tools like Chainguard use SBOMs to enhance transparency - [How to Sign an SBOM with Cosign](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/sigstore/cosign/how-to-sign-an-sbom-with-cosign.md): Signing software bills of materials with Cosign - [Enforce SBOM attestation with Policy Controller](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/sigstore/policy-controller/policies/enforce-sbom-attestation-with-policy-controller.md): Enforce SBOM attestation with Policy Controller - [Disallowing Non-Default Capabilities](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/sigstore/policy-controller/policies/disallowing-non-default-capabilities-with-policy-controller.md): Using Policy Controller to prevent running pods with extra capabilities - [Disallowing Privileged Pods](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/sigstore/policy-controller/policies/disallowing-privileged-containers-with-policy-controller.md): Using Policy Controller to prevent running privileged pods - [Disallowing Run as Root User](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/sigstore/policy-controller/policies/disallowing-run-as-root-user-with-policy-controller.md): Using Policy Controller to prevent running pods as root - [Maximum Container Image Age](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/sigstore/policy-controller/policies/maximum-image-age-policy-controller.md): Maximum container image age with Policy Controller - [Disallowing Unsafe sysctls](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/sigstore/policy-controller/policies/disallowing-unsafe-sysctls-with-policy-controller.md): Use Policy Controller to limit pods to safe sysctls - [Verify Signed Chainguard Containers](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/sigstore/policy-controller/policies/using-policy-controller-to-verify-signed-chainguard-images.md): Using Policy Controller to Verify Signed Chainguard Containers - [How to Verify File Signatures with Cosign](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/sigstore/cosign/how-to-verify-file-signatures-with-cosign.md): Use Cosign to verify non-container software artifacts - [Cosign: The Manual Way](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/sigstore/cosign/cosign-manual-way.md) - [Limit High or Critical CVEs in your Images Workloads](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/sigstore/policy-controller/policies/critical-cve-policy.md): How to use the vulnerability attestation with no High or Critical CVEs Policy - [Rego Policies](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/sigstore/policy-controller/policies/chainguard-enforce-rego-policies.md): Writing Rego-based policies for Sigstore Policy Controller - [Getting Started with OpenVEX and vexctl](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/sbom/getting-started-openvex-vexctl.md): Using vexctl to manage vulnerability communications - [melange Overview](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/build-tools/melange/overview.md): melange Overview - [apko Overview](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/build-tools/apko/overview.md): apko Overview - [What Makes a Good SBOM?](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/sbom/what-makes-a-good-sbom.md): An explanation of what makes a good SBOM - [What is OpenVex?](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/sbom/what-is-openvex.md): A conceptual overview of OpenVex - [The Differences between SBOMs and Attestations](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/sbom/sboms-and-attestations.md): An overview of the differences between attestations and SBOMs - [apko FAQs](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/build-tools/apko/faq.md): Frequently asked questions about apko - [Octo STS FAQ](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/octo-sts/faq.md): Learn about Octo STS for GitHub token federation, including setup issues, security best practices, and integration patterns - [Example Policies](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/sigstore/policy-controller/policies/chainguard-enforce-policy-examples.md): Policy recipes - [Wolfi Overview](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/wolfi/overview.md): Getting started with Wolfi, the Linux undistro for secure container images - [Getting Started with melange](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/build-tools/melange/getting-started-with-melange.md): melange is a declarative apk builder - [Getting Started with apko](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/build-tools/apko/getting-started-with-apko.md): Quickstart to get apko up and running - [What is the Open Container Initiative?](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/oci/what-is-the-oci.md): The Open Container Initiative (OCI) is a Linux Foundation project dedicated to managing specifications and projects related to the storage, distribution, and execution of container images. - [Updating Container Images with Renovate (and no PATs!)](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/octo-sts/updating-container-images-with-renovate.md): Video tutorial showing how to set up Renovate as a GitHub Action with Octo STS to eliminate the need for Personal Access Tokens - [What are OCI Artifacts?](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/oci/what-are-oci-artifacts.md): OCI artifacts are a way of using OCI registries, or container registries that are compliant with specifications set by the Open Container Initiative, to store arbitrary files. - [Troubleshooting melange Builds](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/build-tools/melange/troubleshooting.md): Debugging and common errors with melange build - [An Introduction to Fulcio](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/sigstore/fulcio/an-introduction-to-fulcio.md): Understanding Fulcio, a new kind of root certificate authority for code signing under Sigstore - [Building a Wolfi Package](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/wolfi/building-a-wolfi-package.md): A deep-dive into the process of getting a new package into Wolfi OS - [Wolfi FAQs](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/wolfi/faq.md): Frequently asked questions about Wolfi, a Linux undistro - [Troubleshooting apko Builds](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/build-tools/apko/troubleshooting.md): Debugging and common errors in apko - [Why apk](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/wolfi/apk-package-manager.md): How apk-tools is different from other package managers - [Hello Wolfi Workshop](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/wolfi/hello-wolfi.md): Community workshop about Wolfi for beginners - [Creating Wolfi Images with Dockerfiles](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/wolfi/wolfi-with-dockerfiles.md): This tutorial demonstrates how to build a Wolfi Python image from scratch, using a Dockerfile workflow. - [How to Keyless Sign a Container Image with Sigstore](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/sigstore/how-to-keyless-sign-a-container-with-sigstore.md): Use Cosign and GitHub Actions to Keyless Sign a Django Container Image - [How to Generate a Fulcio Certificate](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/sigstore/fulcio/how-to-generate-a-fulcio-certificate.md): Tutorial on how to generate a certificate with Fulcio for software security - [How to Inspect and Verify Fulcio Certificates](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/sigstore/fulcio/how-to-inspect-and-verify-fulcio-certificates.md): Confirming the authenticity of a Fulcio certificate for a more secure software supply chain - [Package Version Selection](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/wolfi/apk-version-selection.md) - [Bazel Rules for apko](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/build-tools/apko/bazel-rules.md): Build secure, minimal Wolfi-based container images using Bazel - [melange FAQs](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/open-source/build-tools/melange/faq.md): Frequently asked questions about melange ## Software Security - [Sea-curing Software #1 - Fighting Vulnerabilities](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/software-security/comics/fighting-vulnerabilities.md): Help Linky defend a vulnerable system against software vulnerabilities! - [What Are Software Vulnerabilities and CVEs?](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/software-security/cves/cve-intro.md): An introduction to software vulnerabilities and vulnerability documentation through the CVE Program - [Why Care About Software Vulnerabilities?](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/software-security/cves/cve-why-care.md): An overview of software vulnerability impacts and the significance of CVEs in vulnerability management practices - [Infamous Software Vulnerabilities](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/software-security/cves/infamous-cves.md): An overview of a few of the most critical, widespread, and impactful known software vulnerabilities - [Software Vulnerability Remediation](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/software-security/cves/cve-remediation.md): A step-by-step guide on beginning to triage and remediate vulnerabilities in your software - [What are Containers?](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/software-security/what-are-containers.md): An overview of the structure, contents, and applications of container technology - [CISA Secure Software Development Attestation Form (Draft)](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/software-security/secure-software-development/ssd-attestation-form.md) - [Selecting a Base Container Image](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/software-security/selecting-a-base-image.md): How to choose more secure container base images: essential criteria including CVE count, SBOM availability, update frequency, and why Chainguard excels in each category - [What is software supply chain security](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/software-security/what-is-software-supply-chain-security.md): What is software supply chain security and why it matters: protect against attacks like SolarWinds with tools like Chainguard's SLSA-compliant containers and SBOMs - [Chainguard Glossary](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/software-security/glossary.md): Software supply chain security vocabulary - [WTF happened with the PyPI phishing attack?](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/software-security/videos/pypi.md): The PyPI phishing attack and multi-factor authentication - [WTF is a distroless container?](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/software-security/videos/distroless.md): Why we should use distroless - [WTF is a Typo Squatting Attack?](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/software-security/videos/github-typosquatting.md): GitHub’s typo squatting attack - [WTF is Sigstore?](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/software-security/videos/sigstore.md): Sigstore explained in 2 minutes - [What Is a Build Horizon?](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/software-security/build-horizon.md): What a build horizon is and why enforcing maximum artifact age is a key practice for keeping software secure and up to date - [Secure Software Development Framework (SSDF) Table, NIST SP 800-218](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/software-security/secure-software-development/ssdf.md) - [Minimum Attestation References](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/software-security/secure-software-development/minimum-attestation-references.md) - [Build Safely with AI](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/software-security/learning-labs/ll202605.md): Learning Lab for May 2026 on how to mitigate risks in AI-assisted coding, showcasing the Chainguard plugin for Cursor. - [Securing CI/CD with Chainguard](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/software-security/learning-labs/ll202604.md): Learning lab for April 2026 on recent software supply chain incidents in GitHub Actions and how to leverage Chainguard products and tools to mitigate risks - [Software supply chain attacks and Chainguard Libraries](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/software-security/learning-labs/ll202603.md): Learning lab for March 2026 on the history and future of software supply chain attacks related to Chainguard Libraries - [Shipping Safer Container Runtimes in 2026](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/software-security/learning-labs/ll202512.md): Learning Lab for December 2025 on strategies to secure your software supply chain and ship safer containerized runtimes in 2026 - [Chainguard OS on Raspberry Pi](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/software-security/learning-labs/ll202511.md): Learning Lab for November 2025 on the new release of Chainguard OS for the Raspberry Pi. Learn how to get started! - [Chainguard Libraries for JavaScript and CVE remediation for Python libraries](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/software-security/learning-labs/ll202510.md): Learning Lab for October 2025 about Chainguard Libraries for JavaScript and CVE remediation for Python libraries - [Static Chainguard Container Images](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/software-security/learning-labs/ll202509.md): Learning Lab for September 2025 about using the static Chainguard container images - [Getting Started with Chainguard's Dockerfile Converter](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/software-security/learning-labs/ll202508.md): Learning Lab for August 2025 on DFC, a tool to convert Dockerfiles to use Chainguard Containers - [AI with Hardened Container Images](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/software-security/learning-labs/ll202507.md): Learning Lab for July 2025 on securing AI workloads with hardened container images - [Chainguard Libraries for Python](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/software-security/learning-labs/ll202506.md): Learning Lab for June 2025 on Chainguard Libraries for Python and Supply Chain Security - [Chainguard Libraries for Java](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/software-security/learning-labs/ll202505.md): Learning Lab in May 2025 with Manfred Moser - [Chainguard Trademark Use Policy](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/software-security/trademark.md): Understanding the Chainguard Trademark Use Policy ## Compliance - [Introduction to PCI DSS](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/compliance/pci-dss-4/intro-pci-dss-4.md): How to prepare your organization to meet the requirements of PCI DSS 4.0 - [Introduction to CMMC](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/compliance/cmmc-2/intro-cmmc-2.md): How to prepare your organization to meet the requirements of CMMC 2.0 - [CMMC Maturity Levels](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/compliance/cmmc-2/cmmc-2-levels.md): Learn about the differences between CMMC 2.0's maturity levels - [PCI DSS Practices](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/compliance/pci-dss-4/pci-dss-practices.md): Learn about the practices required for PCI DSS 4.0 - [CMMC 2.0 Practices](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/compliance/cmmc-2/cmmc-practices.md): Learn about the 14 different domains of practices required for CMMC 2.0 - [PCI DSS at Chainguard](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/compliance/pci-dss-4/pci-dss-chainguard.md): Chainguard Containers reduce the time and effort for establishing PCI DSS 4.0 compliance - [CMMC at Chainguard](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/compliance/cmmc-2/cmmc-chainguard.md): Chainguard Containers reduce the time and effort for establishing CMMC 2.0 compliance - [Introduction to SLSA](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/compliance/slsa/what-is-slsa.md): A conceptual overview of SLSA - [SLSA Compliance at Chainguard](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/compliance/slsa/slsa-chainguard.md): A brief overview of SLSA and Chainguard's compliance efforts. - [Overview of CIS Benchmarks](https://deploy-preview-3407--ornate-narwhal-088216.netlify.app/compliance/cis-benchmarks.md): A brief overview of CIS Benchmarks and how they can be used. ## API Reference - [Chainguard API (Combined)](https://edu.chainguard.dev/api.json): OpenAPI spec for all Chainguard API versions (JSON) - [Chainguard API v1](https://edu.chainguard.dev/api-v1.json): OpenAPI spec for Chainguard API v1 (JSON) - [Chainguard API v2 Alpha](https://edu.chainguard.dev/api-v2alpha1.json): OpenAPI spec for Chainguard API v2 alpha (JSON) - [Chainguard API v2 Beta](https://edu.chainguard.dev/api-v2beta1.json): OpenAPI spec for Chainguard API v2 beta (JSON)