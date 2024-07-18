posted by Rianne Schestowitz on Jul 18, 2024



Quoting: Wolfi Might Be the Next Cloud Security Savior | LinuxInsider —

To achieve this, Wolfi applies a rolling release cadence and does not have release versions, only packages that rapidly receive version updates. According to the company, this approach ensures that Wolfi users can use vulnerability-free packages as soon as possible.

Wolfi is a community Linux OS designed for the container and cloud-native era. Chainguard started the Wolfi project to enable building Chainguard Images, its collection of curated “distroless” images that meet the requirements of a secure software supply chain.

Sure, other so-called distroless offerings exist. For instance, Google’s distroless images are built with Bazel and based on the Debian distribution. Bazel is an open-source build and test tool similar to Make, Maven, and Gradle that uses a human-readable, high-level build language.

Chainguard Images are built with apko, a command-line tool that allows users to build container images using a declarative language written in YAML. The apko name is derived from the APK package format and is inspired by the ko build tool.