<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Overview on</title><link>https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/tags/overview/</link><description>Recent content in Overview on</description><generator>Hugo -- gohugo.io</generator><language>en-US</language><lastBuildDate>Tue, 23 Dec 2025 15:04:05 +0100</lastBuildDate><atom:link href="https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/tags/overview/index.xml" rel="self" type="application/rss+xml"/><item><title>Octo STS Overview</title><link>https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/open-source/octo-sts/overview/</link><pubDate>Tue, 23 Dec 2025 15:04:05 +0100</pubDate><guid>https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/open-source/octo-sts/overview/</guid><description>Octo STS is a GitHub App developed by Chainguard that acts as a Security Token Service (STS) for the GitHub API. It enables workloads running anywhere that can produce OIDC tokens to federate with GitHub, exchanging those tokens for short-lived GitHub access tokens. The primary goal is to eliminate the need for GitHub Personal Access Tokens (PATs), which are long-lived credentials that pose significant security risks.
Why Octo STS Matters
Long-lived access tokens are a common target in security incidents.</description></item><item><title>Chainguard VMs Overview</title><link>https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/chainguard/vms/overview/</link><pubDate>Tue, 21 Oct 2025 08:04:00 +0000</pubDate><guid>https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/chainguard/vms/overview/</guid><description>Chainguard VMs offer a minimal and verifiable foundation for running ephemeral workloads in cloud and on-prem hypervisor deployments, designed to complement and extend the same secure-by-default philosophy found in Chainguard Containers. With a strong focus on rapid CVE remediation and a small attack surface, Chainguard VMs are purpose-built to service the target workload and include only the packages that are essential for its operation.
Built in the Chainguard Factory, Chainguard VMs benefit from a highly automated, secure-by-design build pipeline that ensures consistent, reproducible artifacts.</description></item><item><title>Overview of Chainguard's Package Repositories</title><link>https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/features/packages/package-model/</link><pubDate>Thu, 09 Oct 2025 00:00:00 +0000</pubDate><guid>https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/features/packages/package-model/</guid><description>Chainguard Containers are built using packages from the Wolfi and Chainguard OS Linux distributions. If you need to extend or customize an image, it can be useful to access these packages directly.
Chainguard offers curated package repositories to support containerized workloads and simplify dependency management. These repositories ensure you can access trusted packages — whether building custom container images, working with Chainguard OS, or using Chainguard Containers in production.
This article provides an overview of Chainguard&amp;rsquo;s package model, highlighting the different Chainguard package repositories available to customers.</description></item><item><title>What is the Chainguard Factory?</title><link>https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/chainguard/factory/what-is-factory/</link><pubDate>Sat, 02 Aug 2025 16:00:00 +0000</pubDate><guid>https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/chainguard/factory/what-is-factory/</guid><description>Transcript
Interviewer: So Dustin, can you explain what the Chainguard Factory is?
Dustin Kirkland: Yeah, so the Chainguard Factory is the automation that&amp;rsquo;s at the heart of what we do here at Chainguard. Essentially, we have this build system that&amp;rsquo;s constantly monitoring over 10,000 open source projects, and the moment that any upstream maintainer tags a new release, our automation springs into action—fetching that source code, checking the checksums, applying our build rules, rebuilding and recompiling that software, retesting that software at the package and unit level.</description></item><item><title>Chainguard Libraries overview</title><link>https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/chainguard/libraries/overview/</link><pubDate>Tue, 25 Mar 2025 08:04:00 +0000</pubDate><guid>https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/chainguard/libraries/overview/</guid><description>Chainguard Libraries provide enhanced security for open source dependencies in the Java, JavaScript, and Python ecosystems, addressing critical supply chain vulnerabilities through automated patching and continuous monitoring. Modern applications rely heavily on libraries from public repositories like Maven Central, npm Registry, and PyPI, but using these repositories introduces supply chain risks that could expose your applications and system to compromise.
Background
Open source libraries distributed through public repositories face several security challenges: maintainers may not promptly address vulnerabilities, binary artifacts can be compromised, and the sheer volume of transitive dependencies makes manual security management impractical.</description></item><item><title>What Are Software Vulnerabilities and CVEs?</title><link>https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/software-security/cves/cve-intro/</link><pubDate>Fri, 30 Jun 2023 19:10:09 +0000</pubDate><guid>https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/software-security/cves/cve-intro/</guid><description>A software vulnerability is a weakness in a program which, if left unaddressed, may be used by attackers to access, manipulate, or compromise a computer system. Vulnerabilities can be introduced at different stages of development and vary in their scope, criticality, and potential attack vector depending on their root cause. As a consequence, software developers spend time and resources triaging, remediating, and patching vulnerabilities to harden their software security and to prevent attackers from exploiting unintended program behavior.</description></item><item><title>An Introduction to Rekor</title><link>https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/open-source/sigstore/rekor/an-introduction-to-rekor/</link><pubDate>Sat, 20 Aug 2022 08:49:31 +0000</pubDate><guid>https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/open-source/sigstore/rekor/an-introduction-to-rekor/</guid><description>An earlier version of this material was published in the Rekor chapter of the Linux Foundation Sigstore course.
Rekor stores records of artifact metadata, providing transparency for signatures and therefore helping the open source software community monitor and detect any tampering of the software supply chain. On a technical level, it is an append-only (sometimes called “immutable”) data log that stores signed metadata about a software artifact, allowing software consumers to verify that a software artifact is what it claims to be.</description></item><item><title>An Introduction to Cosign</title><link>https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/open-source/sigstore/cosign/an-introduction-to-cosign/</link><pubDate>Tue, 19 Jul 2022 08:49:31 +0000</pubDate><guid>https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/open-source/sigstore/cosign/an-introduction-to-cosign/</guid><description>An earlier version of this material was published in the Cosign chapter of the Linux Foundation Sigstore course.
Cosign supports software artifact signing, verification, and storage in an OCI (Open Container Initiative) registry. While Cosign was developed with containers and container-related artifacts in mind, it can also be used for open source software packages and other file types. Cosign can therefore be used to sign blobs (binary large objects), files like READMEs, SBOMs (software bills of materials), Kubernetes Helm Charts, Tekton bundles (an OCI artifact containing Tekton CI/CD resources like tasks), and more.</description></item><item><title>Why Care About Software Vulnerabilities?</title><link>https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/software-security/cves/cve-why-care/</link><pubDate>Thu, 13 Jul 2023 19:46:58 +0000</pubDate><guid>https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/software-security/cves/cve-why-care/</guid><description>Software products are prone to vulnerabilities which, if exploited by an attacker, may negatively impact the systems and consumers relying on them. Attacks against vulnerable software systems can result in the unintended exposure and misuse of sensitive data (like the theft of user account credentials). In other cases, these attacks could affect the provision of a service, or compromise critical infrastructure that relies on the software. 
Given the considerable threat that they can pose, it is important that developers spend time mitigating vulnerabilities to protect against hackers seeking to exploit them.</description></item><item><title>Infamous Software Vulnerabilities</title><link>https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/software-security/cves/infamous-cves/</link><pubDate>Fri, 21 Jul 2023 19:16:39 +0000</pubDate><guid>https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/software-security/cves/infamous-cves/</guid><description>Software vulnerabilities vary in their severity – some are difficult to exploit and have minimal implications, while others can be exploited easily, giving an attacker significant leverage over a computer system. In cases where widely-implemented software contains high-severity vulnerabilities, the damage caused by their exploitation can affect millions of developers and services worldwide.
In this article, you will learn how the KEV Catalog tracks known exploited software vulnerabilities, and how it serves as a tool for developers and federal agencies.</description></item></channel></rss>