https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/updating-images/Recent content in Keeping Containers Up to Date onHugo -- gohugo.ioen-USThu, 19 Dec 2024 08:49:15 +0000https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/updating-images/considerations-for-image-updates/Thu, 05 Oct 2023 11:07:52 +0200https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/updating-images/considerations-for-image-updates/Chainguard rebuilds container images daily to ensure the latest security patches are always included, addressing a critical challenge in container security. While keeping images up-to-date is essential for receiving security updates and new features, updates must be balanced with stability concerns since any code change can potentially introduce breaking changes or impact dependent systems. Due to the complexity involved in modern containerized applications, there is no one-size-fits-all approach to keeping your container images up to date.https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/updating-images/how-eol-software-accumulates-cves/Wed, 04 Dec 2024 11:07:52 +0200https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/updating-images/how-eol-software-accumulates-cves/Typically, specific versions of software receive updates on a schedule for a set amount of time. Eventually, though, every version of software will stop receiving support. When project maintainers stop providing updates, it’s known as the End-of-Life (EOL) stage. Because it’s no longer being actively maintained, software begins to collect vulnerabilities when it reaches EOL. This problem can become compounded when using container images, as they often come with extra components from underlying base images which are all prone to accruing vulnerabilities.https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/updating-images/strategies-tools-updating-images/Mon, 02 Dec 2024 11:07:52 +0200https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/updating-images/strategies-tools-updating-images/When it comes to keeping a system secure, one of the most important measures you can take is to regularly apply updates. In modern, containerized infrastructures, this normally means updating containers to use only the latest container images that are still maintained. A casual observer might expect such a standard and important task to have agreed-on best practices and standardized tooling, but they might be surprised by the wide variety of different solutions and opinions on this problem.https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/updating-images/renovate/Tue, 05 Sep 2023 11:07:52 +0200https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/updating-images/renovate/Renovate can be used to alert on updates to Chainguard Containers. This can be an effective way to keep your images up-to-date and free of CVEs. This article explains how to configure Renovate to support Chainguard Containers. NOTE: This article describes using Renovate to alert on new versions of Chainguard Containers. It is not about alerts for Wolfi packages (which is unsupported at the time of writing). Prerequisites This guide assumes you have successfully installed and configured Renovate.https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/updating-images/digestabot/Wed, 07 Feb 2024 15:21:01 +0000https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/updating-images/digestabot/Tools used in this video digestabot Transcript Today, I’d like to talk about a common question I get asked. How can you keep images up to date while avoiding breaking changes? The basic issue is that we’d like to make sure we’re getting the latest security updates and features for our software. But we really don’t want our applications and infrastructure to break unexpectedly. So there’s a tension between updating all the time, which gives you the latest code and limits unexpected breakages.