https://deploy-preview-2826--ornate-narwhal-088216.netlify.app/tags/video/Recent content in video onHugo -- gohugo.ioen-USTue, 23 Dec 2025 09:30:00 +0100https://deploy-preview-2826--ornate-narwhal-088216.netlify.app/chainguard/factory/what-is-factory/Sat, 02 Aug 2025 16:00:00 +0000https://deploy-preview-2826--ornate-narwhal-088216.netlify.app/chainguard/factory/what-is-factory/Transcript Interviewer: So Dustin, can you explain what the Chainguard Factory is? Dustin Kirkland: Yeah, so the Chainguard Factory is the automation that’s at the heart of what we do here at Chainguard. Essentially, we have this build system that’s constantly monitoring over 10,000 open source projects, and the moment that any upstream maintainer tags a new release, our automation springs into action—fetching that source code, checking the checksums, applying our build rules, rebuilding and recompiling that software, retesting that software at the package and unit level.https://deploy-preview-2826--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/troubleshooting/debugging_distroless/Fri, 26 Jan 2024 01:21:01 +0000https://deploy-preview-2826--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/troubleshooting/debugging_distroless/Tools used in this video Docker Desktop (Note a paid subscription is required.) Transcript Hey folks, I wanted to record a short video explaining how you can debug container images, even distroless ones. One of the problems with distroless images is that they can be difficult to debug. Now if you’re using Kubernetes, please try out ephemeral containers, but in this video I want to talk about something else.https://deploy-preview-2826--ornate-narwhal-088216.netlify.app/chainguard/factory/what-factory-builds/Sat, 02 Aug 2025 16:00:00 +0000https://deploy-preview-2826--ornate-narwhal-088216.netlify.app/chainguard/factory/what-factory-builds/Transcript Interviewer: So Dustin, what does the Factory actually build every day? Dustin Kirkland: Yeah, so the input is open source software that’s coming in from thousands of upstream maintainers who are very much the experts in what they do. That goes into our Factory. We apply our build automation system and, importantly, our quality control and testing system. Out of that comes a series of artifacts. We produce APKs, which is our package format.https://deploy-preview-2826--ornate-narwhal-088216.netlify.app/chainguard/factory/touring-the-factory/Sat, 02 Aug 2025 16:00:00 +0000https://deploy-preview-2826--ornate-narwhal-088216.netlify.app/chainguard/factory/touring-the-factory/Transcript Interviewer: So Dustin, can you give us a quick tour of the Chainguard Factory? Dustin Kirkland: Yeah, so the Chainguard Factory is the automation that we have inside of Chainguard itself that is able to reproducibly build thousands of open-source projects. We start from a fully bootstrapped-from-source version of the source code. We pull the source code down, we apply our build rules, build that code, test that code, sign that code, and publish that code—first as packages.https://deploy-preview-2826--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/about/zerocve/Fri, 31 May 2024 12:21:01 +0000https://deploy-preview-2826--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/about/zerocve/Tools and resources used in this video Grype Wolfi Security Advisories Note: In November 2024, after this article was first written, Chainguard made changes to its free tier of container images. In order to access the non-free container images used in this guide, you will need to be part of an organization that has access to them. For a full list of container images that will remain in Chainguard's free tier, please refer to this support page.https://deploy-preview-2826--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/how-to-use/static-base-image/Wed, 30 Aug 2023 15:21:01 +0000https://deploy-preview-2826--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/how-to-use/static-base-image/Tools used in this video Docker Grype Dockerfile FROM cgr.dev/chainguard/go AS build COPY main.go /main.go RUN CGO_ENABLED=0 go build -o /hello /main.go FROM cgr.dev/chainguard/static COPY --from=build /hello /usr/local/bin/ CMD ["hello"] Transcript So what’s the best container base image to use? 0:10 Well, there’s plenty of choices but if everything else is equal, I would choose something very small and with a low known-vulnerability account, and an excellent example of this is a Chainguard static image.https://deploy-preview-2826--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/how-to-use/container-image-digests/Mon, 07 Aug 2023 15:21:01 +0200https://deploy-preview-2826--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/how-to-use/container-image-digests/Tools used in this video Docker Crane Commands used docker pull cgr.dev/chainguard/nodedocker manifest inspect cgr.dev/chainguard/node@sha256:ede7ef4ca485553f5313f7a02ad3537db1fe337079fc7cfb879f44cf709326dbcrane digest --full-ref cgr.dev/chainguard/nodedocker pull cgr.dev/chainguard/node:latest@sha256:ede7ef4ca485553f5313f7a02ad3537db1fe337079fc7cfb879f44cf709326db Dockerfile FROM cgr.dev/chainguard/go:latest@sha256:7e60584b9ae1eec6ddc6bc72161f4712bcca066d5b1f511d740bcc0f65b05949 AS build WORKDIR /src RUN CGO_ENABLED=0 go build -o /bin/server ./src FROM cgr.dev/chainguard/static AS prod COPY --from=build /bin/server /bin/ EXPOSE 8000 ENTRYPOINT [ "/bin/server" ] Transcript 0:05 You might have heard the advice to pin to a digest when using container images. 0:10 But what does this mean?https://deploy-preview-2826--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/how-to-use/digestabot_frizbee/Fri, 07 Jun 2024 12:21:01 +0000https://deploy-preview-2826--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/how-to-use/digestabot_frizbee/Tools Frizbee Digestabot Transcript I’d like to talk about a problem I faced with container builds in the past and a potential solution. So basically, the problem is you rerun your Docker build, or you reapply your Kubernetes YAML, and it no longer works, even though it was perfectly fine the last time. And it’s because the images your configuration is pointing to have changed, i.e. you’re now pulling different versions of the images.https://deploy-preview-2826--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/how-to-use/version-info-chainguard-images/Fri, 07 Jul 2023 15:21:01 +0200https://deploy-preview-2826--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/how-to-use/version-info-chainguard-images/Tools used in this video Docker Cosign Commands used cosign download attestation --platform=linux/amd64 \ --predicate-type=https://spdx.dev/Document \ cgr.dev/chainguard/python:latest | jq -r .payload | base64 -d \ | jq -r '.predicate.packages[] | "\(.name) \(.versionInfo)"'docker run cgr.dev/chainguard/wolfi-base ls /var/lib/db/sbom Transcript Hi, I want to record a very short video on how to get software version information out of Chainguard Containers. 0:14 This is particularly useful if you’re using the public tier of Chainguard Containers and only have access to the latest tag and it can be difficult to ascertain the version that this refers to.https://deploy-preview-2826--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/how-to-use/minimal-runtime-images/Wed, 06 Sep 2023 01:21:01 +0000https://deploy-preview-2826--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/how-to-use/minimal-runtime-images/Tools used in this video Docker Resources The Dockerfiles used in this video and other supporting documentation are available on GitHub. Transcript Today, I’d like to talk about how to create minimal secure images when using a language that requires a runtime. 0:12 So here we’re thinking of things like Java, .NET or Python. 0:17 In these cases, you won’t be able to use the scratch image or the Chainguard or Google distroless static images, as they won’t include the files for the runtime.