From 9fda545e630ce71ca1212d87c28b2cffd9c333ee Mon Sep 17 00:00:00 2001 From: Matthew Helmke Date: Wed, 23 Oct 2024 06:52:35 -0500 Subject: [PATCH] add link to FIPS page to all mentions (#1862) ## Type of change ### What should this PR do? This adds a link to our wonderful FIPS page from all other pages that refer to FIPS in some way. This is related to https://github.com/chainguard-dev/internal/issues/4268 ### Why are we making this change? To lead people to the page that tells them all about FIPS so they are less likely to be confused or misconfigure stuff. ### What are the acceptance criteria? I won't be mad if you check the links. ### How should this PR be tested? Did I insert any new typos? Are my links accurate? Then, let's go! --------- Signed-off-by: Matthew Helmke Co-authored-by: Mark Drake <33191761+SharpRake@users.noreply.github.com> --- .../pull-through-guides/artifact-registry-pull-through/index.md | 2 +- .../pull-through-guides/artifactory-pull-through/index.md | 2 +- .../pull-through-guides/cloudsmith-pull-through/index.md | 2 +- .../pull-through-guides/nexus-pull-through/index.md | 2 +- content/software-security/compliance/cmmc-2/cmmc-chainguard.md | 2 +- .../compliance/pci-dss-4/pci-dss-chainguard.md | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/content/chainguard/chainguard-registry/pull-through-guides/artifact-registry-pull-through/index.md b/content/chainguard/chainguard-registry/pull-through-guides/artifact-registry-pull-through/index.md index 0e69885969..088c2d7768 100644 --- a/content/chainguard/chainguard-registry/pull-through-guides/artifact-registry-pull-through/index.md +++ b/content/chainguard/chainguard-registry/pull-through-guides/artifact-registry-pull-through/index.md @@ -72,7 +72,7 @@ If you run into issues with this command, be sure that it contains the correct G ## Setting up Google Artifact Registry as a Pull Through for Production Images -Production Chainguard Images are enterprise-ready images that come with patch SLAs and features such as Federal Information Processing Standard (FIPS) readiness. The process for setting up a Google Artifact Registry repository that you can use as a pull through cache for Chainguard Production Images is similar to the one outlined previously for Developer Images, but with a few extra steps. +Production Chainguard Images are enterprise-ready images that come with patch SLAs and features such as [Federal Information Processing Standard](/chainguard/chainguard-images/working-with-images/fips-images/) (FIPS) readiness. The process for setting up a Google Artifact Registry repository that you can use as a pull through cache for Chainguard Production Images is similar to the one outlined previously for Developer Images, but with a few extra steps. To get started, you will need to create [a pull token](/chainguard/chainguard-registry/authenticating/#authenticating-with-a-pull-token) for your organization's Chainguard Registry. Pull tokens are longer-lived tokens that can be used to pull Images from other environments that don't support OIDC, such as some CI environments, Kubernetes clusters, or with registry mirroring tools like Google Artifact Registry. diff --git a/content/chainguard/chainguard-registry/pull-through-guides/artifactory-pull-through/index.md b/content/chainguard/chainguard-registry/pull-through-guides/artifactory-pull-through/index.md index 715516c6e7..bcfb0112e8 100644 --- a/content/chainguard/chainguard-registry/pull-through-guides/artifactory-pull-through/index.md +++ b/content/chainguard/chainguard-registry/pull-through-guides/artifactory-pull-through/index.md @@ -81,7 +81,7 @@ Be sure the `docker pull` command you run includes the name of your project as w ## Setting Up Artifactory as a pull through for Production Images -Production Chainguard Images are enterprise-ready images that come with patch SLAs and features such as Federal Information Processing Standard (FIPS) readiness. The process for setting up an Artifactory repository that you can use as a pull through cache for Chainguard Production Images is similar to the one outlined previously for Developer Images, but with a few extra steps. +Production Chainguard Images are enterprise-ready images that come with patch SLAs and features such as [Federal Information Processing Standard](/chainguard/chainguard-images/working-with-images/fips-images/) (FIPS) readiness. The process for setting up an Artifactory repository that you can use as a pull through cache for Chainguard Production Images is similar to the one outlined previously for Developer Images, but with a few extra steps. To get started, you will need to create [a pull token](/chainguard/chainguard-registry/authenticating/#authenticating-with-a-pull-token) for your organization's Chainguard Registry. Pull tokens are longer-lived tokens that can be used to pull Images from other environments that don't support OIDC, such as some CI environments, Kubernetes clusters, or with registry mirroring tools like Artifactory. diff --git a/content/chainguard/chainguard-registry/pull-through-guides/cloudsmith-pull-through/index.md b/content/chainguard/chainguard-registry/pull-through-guides/cloudsmith-pull-through/index.md index 5a13e275c3..1972151151 100644 --- a/content/chainguard/chainguard-registry/pull-through-guides/cloudsmith-pull-through/index.md +++ b/content/chainguard/chainguard-registry/pull-through-guides/cloudsmith-pull-through/index.md @@ -87,7 +87,7 @@ If you run into issues pulling images like this, ensure that your `docker pull` ## Setting up Cloudsmith as a Pull Through for Production Images -Production Chainguard Images are enterprise-ready images that come with patch SLAs and features such as Federal Information Processing Standard (FIPS) readiness. The process for setting up a Cloudsmith repository that you can use as a pull through cache for Chainguard Production Images is similar to the one outlined previously for Developer Images, but with a few extra steps. +Production Chainguard Images are enterprise-ready images that come with patch SLAs and features such as [Federal Information Processing Standard](/chainguard/chainguard-images/working-with-images/fips-images/) (FIPS) readiness. The process for setting up a Cloudsmith repository that you can use as a pull through cache for Chainguard Production Images is similar to the one outlined previously for Developer Images, but with a few extra steps. You can create a new Cloudsmith repository or use the same repository you used as a pull through cache for Developer Images. diff --git a/content/chainguard/chainguard-registry/pull-through-guides/nexus-pull-through/index.md b/content/chainguard/chainguard-registry/pull-through-guides/nexus-pull-through/index.md index d7480bb362..20f987525d 100644 --- a/content/chainguard/chainguard-registry/pull-through-guides/nexus-pull-through/index.md +++ b/content/chainguard/chainguard-registry/pull-through-guides/nexus-pull-through/index.md @@ -73,7 +73,7 @@ Be sure the `docker pull` command contains the correct Nexus URL for your reposi ## Setting up Nexus as a pull through for Production Images -Production Chainguard Images are enterprise-ready images that come with patch SLAs and features such as Federal Information Processing Standard (FIPS) readiness. The process for setting up an Nexus repository that you can use as a pull through cache for Chainguard Production Images is similar to the one outlined previously for Developer Images, but with a few extra steps. +Production Chainguard Images are enterprise-ready images that come with patch SLAs and features such as [Federal Information Processing Standard](/chainguard/chainguard-images/working-with-images/fips-images/) (FIPS) readiness. The process for setting up an Nexus repository that you can use as a pull through cache for Chainguard Production Images is similar to the one outlined previously for Developer Images, but with a few extra steps. To get started, you will need to create [a pull token](/chainguard/chainguard-registry/authenticating/#authenticating-with-a-pull-token) for your organization's Chainguard Registry. Pull tokens are longer-lived tokens that can be used to pull Images from other environments that don't support OIDC, such as some CI environments, Kubernetes clusters, or with registry mirroring tools like Nexus. diff --git a/content/software-security/compliance/cmmc-2/cmmc-chainguard.md b/content/software-security/compliance/cmmc-2/cmmc-chainguard.md index 4b2a71bf08..9d5c48dca7 100644 --- a/content/software-security/compliance/cmmc-2/cmmc-chainguard.md +++ b/content/software-security/compliance/cmmc-2/cmmc-chainguard.md @@ -16,7 +16,7 @@ weight: 005 toc: true --- -Achieving Cybersecurity Maturity Model Certification (CMMC) 2.0 Level 2 or Level 3 certification can be a complex and resource-intensive process, particularly for organizations managing containerized environments and addressing vulnerabilities. Chainguard simplifies this journey by offering specialized solutions that drastically reduce the time and effort needed to meet compliance requirements. Our FIPS-compliant (Federal Information Processing Standard) images, combined with detailed SBOM (Software Bill of Materials) and STIG-hardened (Security Technical Implementation Guide) configurations, provide a strong foundation for meeting the requirements of CMMC 2.0. +Achieving Cybersecurity Maturity Model Certification (CMMC) 2.0 Level 2 or Level 3 certification can be a complex and resource-intensive process, particularly for organizations managing containerized environments and addressing vulnerabilities. Chainguard simplifies this journey by offering specialized solutions that drastically reduce the time and effort needed to meet compliance requirements. Our FIPS-compliant [Federal Information Processing Standard](/chainguard/chainguard-images/working-with-images/fips-images/) images, combined with detailed SBOM (Software Bill of Materials) and STIG-hardened (Security Technical Implementation Guide) configurations, provide a strong foundation for meeting the requirements of CMMC 2.0. ## What are STIG-Hardened FIPS Images? diff --git a/content/software-security/compliance/pci-dss-4/pci-dss-chainguard.md b/content/software-security/compliance/pci-dss-4/pci-dss-chainguard.md index e14781c37c..225499d78d 100644 --- a/content/software-security/compliance/pci-dss-4/pci-dss-chainguard.md +++ b/content/software-security/compliance/pci-dss-4/pci-dss-chainguard.md @@ -24,7 +24,7 @@ All Chainguard Images save time and costs required to triage, patch, and remedia On top of this, you must authenticate into Chainguard to use Chainguard Images, giving you reassurance of the provenance of your images. They include digitally signed [build-time SBOMs](/chainguard/chainguard-images/working-with-images/retrieve-image-sboms/) (software bill of materials) documenting and attesting to the full provenance. -Our FIPS-compliant (Federal Information Processing Standard) images, combined with STIG-hardened (Security Technical Implementation Guide) configurations, provide an even stronger foundation for meeting the requirements of PCI DSS even because they are hardened further to meet the more stringent FedRAMP requirements. +Our FIPS-compliant [Federal Information Processing Standard](/chainguard/chainguard-images/working-with-images/fips-images/) images, combined with STIG-hardened (Security Technical Implementation Guide) configurations, provide an even stronger foundation for meeting the requirements of PCI DSS even because they are hardened further to meet the more stringent FedRAMP requirements. ## What are STIG-Hardened FIPS Images?