Chainguard has announced Wolfi, a new community Linux (un)distribution that combines the best aspects of existing container base images with default security measures that will include software signatures powered by Sigstore, provenance, and software bills of material (SBOM). The company also announced Chainguard Academy, the free, open source and interactive educational platform designed for software supply chain security, and the general availability of Chainguard Enforce, the company’s comprehensive software supply chain risk management platform.
Wolfi is Chainguard’s latest major contribution in the open source toolchain for supply chain security, which enables the purpose-built Chainguard Images. Chainguard Images are designed with minimal components to help reduce an enterprise’s attack surface and generate SBOMs at the time of development, leaving no errors in the creation process.
The newly launched Chainguard Academy builds on the team’s previous educational efforts such as the Securing Your Software Supply Chain with Sigstore course in partnership with the Linux Foundation and edX. Additionally, developers using Chainguard Academy will be able to work with Sigstore and distroless container images right from their browsers through an interactive sandbox terminal.
Chainguard Enforce, the company’s comprehensive solution for software supply chain risk management, is now generally available. Since the launch of its early access program in April, Chainguard Enforce is adding new features including “agentless” mode, a re-designed UI with security metrics, SOC2 Type 1 certification, curated security policies and alerting, integrations with CloudEvents, OPA Gatekeeper and Styra, Terraform provider, Vault, and more.
With Chainguard Enforce, organizations can focus on delivering software efficiently throughout every step of the software development lifecycle, make real-time policy decisions and access critical metadata for incident management.