Keeping Containers Up to Date on

Considerations for Keeping Containers Up to Date

Thu, 05 Oct 2023 11:07:52 +0200

Chainguard rebuilds container images daily to ensure the latest security patches are always included, addressing a critical challenge in container security. While keeping images up-to-date is essential for receiving security updates and new features, updates must be balanced with stability concerns since any code change can potentially introduce breaking changes or impact dependent systems.

Due to the complexity involved in modern containerized applications, there is no one-size-fits-all approach to keeping your container images up to date. With these conflicting approaches in mind, this article will explore how best to keep container images up-to-date.

How End-of-Life Software Accumulates Vulnerabilities

Wed, 04 Dec 2024 11:07:52 +0200

Typically, specific versions of software receive updates on a schedule for a set amount of time. Eventually, though, every version of software will stop receiving support. When project maintainers stop providing updates, it’s known as the End-of-Life (EOL) stage.

Because it’s no longer being actively maintained, software begins to collect vulnerabilities when it reaches EOL. This problem can become compounded when using container images, as they often come with extra components from underlying base images which are all prone to accruing vulnerabilities. This can lead to images with hundreds of components, each collecting vulnerabilities and forming part of the attack surface.

Strategies and Tooling for Updating Containers

Mon, 02 Dec 2024 11:07:52 +0200

When it comes to keeping a system secure, one of the most important measures you can take is to regularly apply updates. In modern, containerized infrastructures, this normally means updating containers to use only the latest container images that are still maintained. A casual observer might expect such a standard and important task to have agreed-on best practices and standardized tooling, but they might be surprised by the wide variety of different solutions and opinions on this problem.

Using Renovate with Chainguard Containers

Tue, 05 Sep 2023 11:07:52 +0200

Renovate can be used to alert on updates to Chainguard Containers. This can be an effective way to keep your images up-to-date and free of CVEs. This article explains how to configure Renovate to support Chainguard Containers.

NOTE: This article describes using Renovate to alert on new versions of Chainguard Containers. It is not about alerts for Wolfi packages (which is unsupported at the time of writing).

Prerequisites

This guide assumes you have successfully installed and configured Renovate. If you haven’t already set this up, please refer to the installation instructions.

Keep your Chainguard Containers Up to Date with digestabot

Wed, 07 Feb 2024 15:21:01 +0000

Tools used in this video

digestabot

Transcript

Today, I’d like to talk about a common question I get asked.