Hi @ahosgood nice to see this :-)
As per our brief discussion at the TNA TA meeting... we (Project Omega @ TNA) were previously using Google's GCT Distroless Images for our production needs as these are both small (size) and very minimalist (smaller attack surface) - https://github.com/GoogleContainerTools/distroless. For debugging/development images (i.e. where we need a shell and tools) we were using `debian:bullseye-slim` as that is the base image for GCT's distroless images; so it enabled a degree of compatibility/consistency when testing etc.
However, we are considering switching to Chainguard's no-distro base images. Whilst still super-minimalist, they appear to have a lot of security advantages such as SBOMs and Supply Chain vetting. If you are interested, you can read a bit about them:
As well as their secure `wolfi-base` image they are now (like GCT were) providing base images atop that for various language runtimes (including Python). You can find their base images here: https://www.chainguard.dev/chainguard-images
I think the chainguard-images could form a nice base perhaps for TNA Docker images. I would be interested to hear your thoughts...