diff --git a/content/chainguard/administration/custom-idps/custom-idps/index.md b/content/chainguard/administration/custom-idps/custom-idps/index.md index c748f3d516..7d7176a03c 100644 --- a/content/chainguard/administration/custom-idps/custom-idps/index.md +++ b/content/chainguard/administration/custom-idps/custom-idps/index.md @@ -7,7 +7,7 @@ type: "article" date: 2023-04-17T08:48:45+00:00 lastmod: 2024-08-15T15:22:20+01:00 draft: false -tags: ["Chainguard Images", "Overview"] +tags: ["CHAINGUARD IMAGES", "OVERVIEW"] images: [] weight: 005 --- diff --git a/content/chainguard/chainguard-images/how-to-use-chainguard-images.md b/content/chainguard/chainguard-images/how-to-use-chainguard-images.md index 4db4282cca..124e7b8695 100644 --- a/content/chainguard/chainguard-images/how-to-use-chainguard-images.md +++ b/content/chainguard/chainguard-images/how-to-use-chainguard-images.md @@ -5,9 +5,9 @@ type: "article" description: "A primer on how to migrate to Chainguard Images" lead: "A primer on how to migrate to Chainguard Images" date: 2022-09-01T08:49:31+00:00 -lastmod: 2024-03-29T19:42:31+00:00 +lastmod: 2024-08-19T15:56:52-07:00 draft: false -tags: ["Chainguard Images", "Procedural", "Product"] +tags: ["CHAINGUARD IMAGES", "PROCEDURAL", "PRODUCT"] images: [] menu: docs: @@ -41,10 +41,10 @@ Chainguard Developer Images are also available on Docker Hub. Check out [Chaingu ### Pulling by Tag -You can also add a relevant tag that you have access to. In the case of the Git image, you can pull the `:latest-glibc` tag for the Git image. [Note that not all tags are available for public images](/chainguard/chainguard-images/faq/#do-i-need-to-authenticate-into-chainguard-to-use-chainguard-images). +You can also add a relevant tag that you have access to. In the case of the public Git image, you can always pull the `:latest` tag. [Note that not all tags are available for public images](/chainguard/chainguard-images/faq/#do-i-need-to-authenticate-into-chainguard-to-use-chainguard-images). ```sh -docker pull cgr.dev/chainguard/git:latest-glibc +docker pull cgr.dev/chainguard/git:latest ``` You may use tags to pull a specific version of a software like Git, or programming language version in a catalog you have access to. The Chainguard Images Directory has tag history pages for each image, for example, the [Git Image Tags History](https://images.chainguard.dev/directory/image/git/versions), [PHP Image Tags History](https://images.chainguard.dev/directory/image/php/versions), and [JDK Image Tags History](https://images.chainguard.dev/directory/image/jdk/versions). diff --git a/content/chainguard/chainguard-images/working-with-images/images-directory/index.md b/content/chainguard/chainguard-images/working-with-images/images-directory/index.md index 8f3bcc264d..3319c52c4f 100644 --- a/content/chainguard/chainguard-images/working-with-images/images-directory/index.md +++ b/content/chainguard/chainguard-images/working-with-images/images-directory/index.md @@ -9,7 +9,7 @@ description: "A walkthrough of the Chainguard Images directory." date: 2024-02-23T11:07:52+02:00 lastmod: 2024-08-05T11:07:52+02:00 draft: false -tags: ["Conceptual", "Chainguard Images", "Product"] +tags: ["CONCEPTUAL", "CHAINGUARD IMAGES", "PRODUCT"] images: [] menu: docs: diff --git a/content/chainguard/chainguard-images/working-with-images/retrieve-image-sboms/index.md b/content/chainguard/chainguard-images/working-with-images/retrieve-image-sboms/index.md index 74d383ec83..4104017e12 100644 --- a/content/chainguard/chainguard-images/working-with-images/retrieve-image-sboms/index.md +++ b/content/chainguard/chainguard-images/working-with-images/retrieve-image-sboms/index.md @@ -7,9 +7,9 @@ aliases: type: "article" description: "A brief tutorial on how to use Cosign to retrieve Chainguard Image SBOMs." date: 2023-11-17T11:07:52+02:00 -lastmod: 2024-08-01T11:07:52+02:00 +lastmod: 2024-08-19T11:07:52+02:00 draft: false -tags: ["Conceptual", "Chainguard Images", "SBOM"] +tags: ["CONCEPTUAL", "CHAINGUARD IMAGES", "SBOM"] images: [] menu: docs: @@ -48,13 +48,13 @@ Notice that this example syntax includes `download attestation` rather than `dow This attestation data is encoded in base64, making it unreadable without further processing. This is why the output from the first part of the command is piped into `jq` in order to filter out the payload section of the output containing the SBOM. This filtered output is then passed into the `base64` command to be decoded before that output is piped into another `jq` command. The final `jq` command extracts the attestation predicate from the `base64` output and returns it to your terminal. -As an example, to retrieve the `argocd` image's attestation you would run a command like this. +As an example, to retrieve the `apko` image's attestation you would run a command like this. ```shell cosign download attestation \ --platform=linux/amd64 \ --predicate-type=https://spdx.dev/Document \ - cgr.dev/chainguard/argocd | jq -r .payload | base64 -d | jq .predicate + cgr.dev/chainguard/apko | jq -r .payload | base64 -d | jq .predicate ``` This example includes two extra arguments not included in the example syntax outlined previously. First, it includes the `--platform` flag which allows you to download the attestation for a specific platform image. This example specifies the `linux/amd64` platform, but you could also use `linux/arm64`. Be aware, though, that in order to use the `--platform` option you'll need to have Cosign version 2.2.1 or newer installed. diff --git a/content/chainguard/chainguard-images/working-with-images/security-advisories/how-to-use/index.md b/content/chainguard/chainguard-images/working-with-images/security-advisories/how-to-use/index.md index 7fce6c19fe..e8a33a675d 100644 --- a/content/chainguard/chainguard-images/working-with-images/security-advisories/how-to-use/index.md +++ b/content/chainguard/chainguard-images/working-with-images/security-advisories/how-to-use/index.md @@ -8,9 +8,9 @@ aliases: type: "article" description: "Article outlining how one can explore and use the Security Advisories found on the Chainguard Image Directory." date: 2023-12-27T11:07:52+02:00 -lastmod: 2023-12-27T11:07:52+02:00 +lastmod: 2024-08-19T15:56:52-07:00 draft: false -tags: ["Overview", "Product", "Chainguard Images", "CVE"] +tags: ["OVERVIEW", "PRODUCT", "CHAINGUARD IMAGES", "CVE"] images: [] menu: docs: @@ -36,6 +36,8 @@ To follow along with these examples, you'll need the following tools installed. * [`chainctl`](/chainguard/chainctl/) — Chainguard's command-line interface tool. To install `chainctl`, follow our [installation guide](/chainguard/administration/how-to-install-chainctl/). * [`jq`](https://jqlang.github.io/jq/) — `jq` is a command-line JSON processor that allows you to filter and manipulate streaming JSON data. Although it isn’t strictly necessary for the purposes of this guide, this tutorial includes commands that use `jq` to filter command output that would otherwise be difficult to read. You can install `jq` by following the instructions on [the project’s Download jq page](https://jqlang.github.io/jq/download/). +Lastly, note that this guide includes examples involving an example organization with a private Chainguard Registry named `example.com`. If you would like to follow along with your own private Chainguard Images, be sure to change this where relevant to reflect your own setup. If you don't have access to a private Chainguard Registry, you can also follow along using Chainguard's public Developer Images but be aware that these are limited to only the `latest` or `latest-dev` tags. You can download public Developer Images from the `cgr.dev/chainguard` registry, as in `cgr.dev/chainguard/go:latest`. + ## So you've encountered a CVE in a Chainguard Image @@ -44,7 +46,7 @@ Say you use a vulnerability scanner like Grype or Docker Scout to inspect a cert As of this writing, the `go:1.21.2` image points to the image digest `sha256:04ab6905552b54a6977bed40a4105e9c95f78033e1cde67806259efc4beb959d`. Be aware that this tag will be withdrawn in the future, but the digest will remain available. ```sh -docker scout cves cgr.dev/chainguard-private/go:1.21.2 +docker scout cves cgr.dev/example.com/go:1.21.2 ``` Because this is the digest for an older version of Chainguard's Go Image, this command's output will show a number of vulnerabilities that have been found to exist within this specific version of the Image. @@ -115,14 +117,14 @@ Chainguard's Security Advisories have told us that the CVE-2023-44487 was fixed If you inspect a later version of the Image with Docker Scout, you'll find that this time it reports no CVEs. This example inspects version `1.21.5` of the Image. ```shell -docker scout cves cgr.dev/chainguard-private/go:1.21.5 +docker scout cves cgr.dev/example.com/go:1.21.5 ``` ``` ## Overview │ Analyzed Image ────────────────────┼───────────────────────────────────────── - Target │ cgr.dev/chainguard-private/go:1.21.5 + Target │ cgr.dev/example.com/go:1.21.5 digest │ 65008b35ef40 platform │ linux/amd64 vulnerabilities │ 0C 0H 0M 0L @@ -141,8 +143,8 @@ You can go a step further by comparing these two images directly with the `chain ```sh chainctl images diff \ -cgr.dev/chainguard-private/go:1.21.2 \ -cgr.dev/chainguard-private/go:1.21.5 | jq . +cgr.dev/example.com/go:1.21.2 \ +cgr.dev/example.com/go:1.21.5 | jq . ``` This example will return a lot of output, as there are significant differences from version `1.21.2` to `1.21.5` of the Go Image. If you scroll down to the `vulnerabilities` section of this output, you'll find a list of vulnerabilities that are present in version `1.21.2` but have been removed by version `1.21.5`. diff --git a/content/chainguard/chainguard-registry/pull-through-guides/artifact-registry-pull-through/index.md b/content/chainguard/chainguard-registry/pull-through-guides/artifact-registry-pull-through/index.md index 08b8497e17..0e69885969 100644 --- a/content/chainguard/chainguard-registry/pull-through-guides/artifact-registry-pull-through/index.md +++ b/content/chainguard/chainguard-registry/pull-through-guides/artifact-registry-pull-through/index.md @@ -6,9 +6,9 @@ aliases: type: "article" description: "Tutorial outlining how to set up a Google Artifact Registry repository to pull Images through from the Chainguard Registry." date: 2024-07-08T15:56:52-07:00 -lastmod: 2024-07-17T15:56:52-07:00 +lastmod: 2024-08-19T15:56:52-07:00 draft: false -tags: ["Product", "Procedural", "Chainguard Images"] +tags: ["PRODUCT", "PROCEDURAL", "CHAINGUARD IMAGES"] images: [] menu: docs: @@ -59,13 +59,13 @@ gcloud auth configure-docker us-central1-docker.pkg.dev Be sure to change `us-central1` to reflect the location of your Artifact Registry repository. Also, after running this command you may be prompted to log in to your Google Cloud account. -After running the command, you will be able to pull a Chainguard Developer Image through Google Artifact Registry. The following example pulls the `wolfi-base` Image: +After running the command, you will be able to pull a Chainguard Developer Image through Google Artifact Registry. The following example pulls the `go` Image: ```sh -docker pull us-central1-docker.pkg.dev//chainguard-pull-through/chainguard/wolfi-base:latest +docker pull us-central1-docker.pkg.dev//chainguard-pull-through/chainguard/go:latest ``` -This command first specifies the location of the Artifact Registry repository we just created (`us-central1-docker.pkg.dev//chainguard-pull-through/`). It then follows that with the name of the Chainguard Developer Image and the remote repository we want to pull it from (`chainguard/wolfi-base:latest`). +This command first specifies the location of the Artifact Registry repository we just created (`us-central1-docker.pkg.dev//chainguard-pull-through/`). It then follows that with the name of the Chainguard Developer Image and the remote repository we want to pull it from (`chainguard/go:latest`). If you run into issues with this command, be sure that it contains the correct Google Artifact Registry URL for your repository, including the location and project ID. @@ -124,7 +124,7 @@ Back in the Google Artifact Registry, click on the repository you want to config Enter the pull token `username` value in the **Username** field. In the **Password** field, select the secret you created in Google Secret Manager. -![Screenshot of the Google Artifact Registry screen, showing the username and secret password configuration. The "Authenticated" option is selected, the "Username for the upstream repository" field points to a username generated byt he pull-token command, and the "Secret" drop-down menu has "chainguard-pull-token" selected.](Google-Artifact-Registry-2.png) +![Screenshot of the Google Artifact Registry screen, showing the username and secret password configuration. The "Authenticated" option is selected, the "Username for the upstream repository" field points to a username generated by the pull-token command, and the "Secret" drop-down menu has "chainguard-pull-token" selected.](Google-Artifact-Registry-2.png) Click the **Save** button to apply the changes. @@ -139,10 +139,10 @@ gcloud auth configure-docker us-central1-docker.pkg.dev Be sure to change `us-central1` to reflect the location of your Artifact Registry repository. -After running the command, you will be able to pull any Production Images that your organization has access to through Google Artifact Registry. For example, the following command will pull the `argo-cli-fips` Image if your organization has access to it: +After running the command, you will be able to pull any Production Images that your organization has access to through Google Artifact Registry. For example, the following command will pull the `chainguard-base` Image if your organization has access to it: ```sh -docker pull us-central1-docker.pkg.dev//chainguard-pull-through//argo-cli-fips:latest +docker pull us-central1-docker.pkg.dev//chainguard-pull-through//chainguard-base:latest ``` Be sure the `docker pull` command you run includes the name of your Chainguard organization's registry. diff --git a/content/chainguard/chainguard-registry/pull-through-guides/artifactory-pull-through/index.md b/content/chainguard/chainguard-registry/pull-through-guides/artifactory-pull-through/index.md index 9503c288c6..ed25547fc2 100644 --- a/content/chainguard/chainguard-registry/pull-through-guides/artifactory-pull-through/index.md +++ b/content/chainguard/chainguard-registry/pull-through-guides/artifactory-pull-through/index.md @@ -7,9 +7,9 @@ aliases: type: "article" description: "Tutorial outlining how to set up a remote Artifactory repository to pull Images through from the Chainguard Registry." date: 2024-02-13T15:56:52-07:00 -lastmod: 2024-07-09T15:56:52-07:00 +lastmod: 2024-08-19T15:56:52-07:00 draft: false -tags: ["Product", "Procedural", "Chainguard Images"] +tags: ["PRODUCT", "PROCEDURAL", "CHAINGUARD IMAGES"] images: [] menu: docs: @@ -62,7 +62,7 @@ Following that, click the **Create Remote Repository** button. If everything wor After clicking the **Set Up Docker Client** button, a modal window will appear from the right side of the page. Click the **Generate Token & Create Instructions** button, which will generate two code blocks whose contents you can copy. -The first will be a `docker login` command similar to the following example. Copy this command and run it in your terminal. +The first will be a `docker login` command similar to the following example. Run the following command in your terminal: ```sh docker login -u .jfrog.io @@ -70,10 +70,10 @@ docker login -u .jfrog.io After running this command, you'll be prompted to enter a password. Copy the token from the second code block and paste it into your terminal. -After running the `docker login` command, you will be able to pull a Chainguard Developer Image through Artifactory. The following example pulls the `wolfi-base` Image. +After running the `docker login` command, you will be able to pull a Chainguard Developer Image through Artifactory. The following example pulls the `go` Image: ```sh -docker pull .jfrog.io/cgr-public/chainguard/wolfi-base +docker pull .jfrog.io/cgr-public/chainguard/go ``` Be sure the `docker pull` command you run includes the name of your project as well as your own repository key in place of `cgr-public`. @@ -85,7 +85,7 @@ Production Chainguard Images are enterprise-ready images that come with patch SL To get started, you will need to create [a pull token](/chainguard/chainguard-registry/authenticating/#authenticating-with-a-pull-token) for your organization's Chainguard Registry. Pull tokens are longer-lived tokens that can be used to pull Images from other environments that don't support OIDC, such as some CI environments, Kubernetes clusters, or with registry mirroring tools like Artifactory. -To create a pull token with `chainctl`, run the following command. +To create a pull token with `chainctl`, run the following command: ```sh chainctl auth configure-docker --pull-token --parent @@ -95,7 +95,7 @@ Be sure to replace `` with your organization's name or ID. > **Note**: You can find your organization's name or ID by running `chainctl iam groups list -o table`. -This command will return a `docker login` command like the following. +This command will return a `docker login` command like the following: ``` . . . @@ -127,7 +127,7 @@ Following that, click the **Create Remote Repository** button. If everything wor After clicking the **Set Up Docker Client** button, a modal window will appear from the right side of the page. Click the **Generate Token & Create Instructions** button, which will generate two code blocks. -The first will be a `docker login` command similar to the following example. Copy this command and run it in your terminal. +The first will be a `docker login` command similar to the following example. Copy this command and run it in your terminal: ```sh docker login -u .jfrog.io @@ -137,13 +137,13 @@ Be sure to include your own username and Artifactory instance. After running this command, you'll be prompted to enter a password. Copy the token from the second code block, paste it into your terminal, and press `ENTER`. -After running the `docker login` command, you will be able to pull a Chainguard Production Image through Artifactory. The following example pulls the `wolfi-base` Image. +After running the `docker login` command, you will be able to pull a Chainguard Production Image through Artifactory. The following example will pull the `chainguard-base` Image if your organization has access to it: ```sh -docker pull .jfrog.io/cgr-private//wolfi-base +docker pull .jfrog.io/cgr-private//chainguard-base:latest ``` -Be sure the `docker pull` command you run includes the name of your artifactory project and the proper name of your organization's registry. Additionally, if you entered a different repository key in the setup section, use it in place of `cgr-private`. +Be sure the `docker pull` command you run includes the name of your artifactory project and the name of your organization's registry. Additionally, if you entered a different repository key in the setup section, use it in place of `cgr-private`. ## Debugging pull through from Chainguard’s registry to Artifactory diff --git a/content/chainguard/chainguard-registry/pull-through-guides/cloudsmith-pull-through/index.md b/content/chainguard/chainguard-registry/pull-through-guides/cloudsmith-pull-through/index.md index 4c71a4dc44..5a13e275c3 100644 --- a/content/chainguard/chainguard-registry/pull-through-guides/cloudsmith-pull-through/index.md +++ b/content/chainguard/chainguard-registry/pull-through-guides/cloudsmith-pull-through/index.md @@ -6,9 +6,9 @@ aliases: type: "article" description: "Tutorial outlining how to set up a Cloudsmith repository to pull Images through from the Chainguard Registry." date: 2024-07-16T15:56:52-07:00 -lastmod: 2024-07-16T15:56:52-07:00 +lastmod: 2024-08-19T15:56:52-07:00 draft: false -tags: ["Product", "Procedural", "Chainguard Images"] +tags: ["PRODUCT", "PROCEDURAL", "CHAINGUARD IMAGES"] images: [] menu: docs: @@ -157,7 +157,7 @@ If you run into issues when trying to pull Images from Chainguard's Registry to * Ensure that all Images [network requirements](https://edu.chainguard.dev/chainguard/administration/network-requirements/) are met. * When configuring a remote Cloudsmith repository, ensure that the **URL** field is set correctly. For Developer Images, this should be `https://cgr.dev/chainguard`; for Production Images this should be `https://cgr.dev/`. This field **must not** contain any additional components. -* You can troubleshoot by running `docker login` from another node (using the Cloudsmith pull token credentials) and try pulling an Image from `cgr.dev/chainguard/` or `cgr.dev//`. +* You can troubleshoot by running `docker login` from another node (using the Cloudsmith pull token credentials) and try pulling an Image from `cgr.dev/chainguard/` or `cgr.dev//`, using your own organization's registry name in place of ``. * It could be that your Cloudsmith repository was misconfigured. In this case, create and configure a new Cloudsmith repository to test with. ## Learn More diff --git a/content/chainguard/chainguard-registry/pull-through-guides/nexus-pull-through/index.md b/content/chainguard/chainguard-registry/pull-through-guides/nexus-pull-through/index.md index 9547eb9dff..d7480bb362 100644 --- a/content/chainguard/chainguard-registry/pull-through-guides/nexus-pull-through/index.md +++ b/content/chainguard/chainguard-registry/pull-through-guides/nexus-pull-through/index.md @@ -7,9 +7,9 @@ aliases: type: "article" description: "Tutorial outlining how to set up a Nexus repository to pull Images through from the Chainguard Registry." date: 2024-03-28T15:56:52-07:00 -lastmod: 2024-07-09T15:56:52-07:00 +lastmod: 2024-08-19T15:56:52-07:00 draft: false -tags: ["Product", "Procedural", "Chainguard Images"] +tags: ["PRODUCT", "PROCEDURAL", "CHAINGUARD IMAGES"] images: [] menu: docs: @@ -63,7 +63,7 @@ docker login -u After running this command, you'll be prompted to enter a password. -After running the `docker login` command, you will be able to pull a Chainguard Developer Image through Nexus. The following example pulls the `wolfi-base` Image. +After running the `docker login` command, you will be able to pull a Chainguard Developer Image through Nexus. The following example pulls the `wolfi-base` Image: ```sh docker pull /chainguard/wolfi-base @@ -100,10 +100,10 @@ docker login -u After running this command, you'll be prompted to enter a password. -After running the `docker login` command, you will be able to pull a Chainguard Production Image through Nexus. If your organization has access to it, the following example will pull the `argo-cli-fips` Image. +After running the `docker login` command, you will be able to pull a Chainguard Production Image through Nexus. If your organization has access to it, the following example will pull the `chainguard-base` Image: ```sh -docker pull //argo-cli-fips +docker pull //chainguard-base ``` Be sure the `docker pull` command you run includes the name of your organization's registry. @@ -115,7 +115,7 @@ If you run into issues when trying to pull Images from Chainguard's Registry to * Ensure that all Images [network requirements](https://edu.chainguard.dev/chainguard/administration/network-requirements/) are met. * When configuring a remote Nexus repository, ensure that the **URL** field is set to `https://cgr.dev/`. This field **must not** contain additional components. -* You can troubleshoot by running `docker login` from another node (using the Nexus pull token credentials) and try pulling an Image from `cgr.dev/chainguard/` or `cgr.dev//`. +* You can troubleshoot by running `docker login` from another node (using the Nexus pull token credentials) and try pulling an Image from `cgr.dev/chainguard/` or `cgr.dev//`, using your own organization's registry name in place of ``. * It could be that your Nexus repository was misconfigured. In this case, create and configure a new Nexus repository to test with. diff --git a/content/open-source/sbom/getting-started-openvex-vexctl.md b/content/open-source/sbom/getting-started-openvex-vexctl.md index 18415c0bc3..3989ed2b0c 100644 --- a/content/open-source/sbom/getting-started-openvex-vexctl.md +++ b/content/open-source/sbom/getting-started-openvex-vexctl.md @@ -7,7 +7,7 @@ type: "article" date: 2023-01-30T15:21:01+02:00 lastmod: 2024-05-21T15:21:01+02:00 draft: false -tags: ["SBOM", "VEX", "Procedural"] +tags: ["SBOM", "VEX", "PROCEDURAL"] images: [] menu: docs: diff --git a/content/open-source/sigstore/policy-controller/policies/chainguard-enforce-policy-examples.md b/content/open-source/sigstore/policy-controller/policies/chainguard-enforce-policy-examples.md index 7994b32c94..b24b7ac8ef 100644 --- a/content/open-source/sigstore/policy-controller/policies/chainguard-enforce-policy-examples.md +++ b/content/open-source/sigstore/policy-controller/policies/chainguard-enforce-policy-examples.md @@ -5,7 +5,7 @@ aliases: type: "article" description: "Policy recipes" date: 2022-07-15T15:22:20+01:00 -lastmod: 2024-05-10T13:11:29+08:29 +lastmod: 2024-08-19T15:56:52-07:00 draft: false tags: ["Open Source", "Procedural", "Policy", "policy-controller", "Reference", "SBOM"] images: [] @@ -38,13 +38,12 @@ spec: url: https://rekor.sigstore.dev ``` -Examples using Chainguard Images from the Chainguard Registry or the GitHub Container Registry, respectively: +Example using Chainguard Images from the Chainguard Registry: ``` ... images: - glob: cgr.dev/chainguard/** - - glob: ghcr.io/chainguard-images/** ... ``` diff --git a/layouts/partials/rumble-comparison.html b/layouts/partials/rumble-comparison.html index 9d5a5c3708..23e8ddb9ce 100644 --- a/layouts/partials/rumble-comparison.html +++ b/layouts/partials/rumble-comparison.html @@ -4,9 +4,11 @@

Comparison chart for {{ $i.image }} images

-

The following chart shows the past 30 days of Grype scans against the {{ $i.left}} image and the - {{$i.right}} Chainguard Image. Note that all scanners may find false positives or - miss false negative vulnerabilities. For more information about false results, visit our False Positives and False Negatives with Images Scanners page. +

+ The following chart shows the past 30 days of Grype scans against the {{ $i.left}} image and the {{$i.right}} Chainguard Image. You can find more information about the {{ $i.image }} image by checking out its README in the Chainguard Images Directory. +

+

+ Note that all scanners may find false positives or miss false negative vulnerabilities. For more information about false results, visit our False Positives and False Negatives with Images Scanners page.