
Wolfi Linux (Un)Distribution Secures The Software Supply Chain

Chainguard, the co-creator of Sigstore, has just launched Wolfi, a community Linux (un)distribution that is built with the default security measures necessary for securing the software supply chain.


The push for software supply chain integrity and transparency has left organizations struggling to build software security measures like signatures, provenance, and SBOMs into legacy systems and existing Linux distributions. To that end, Sigstore is good but requires manual labor. There must be a better way of utilizing its facilities.


And what better way than to package all the work in an immutable container? Chainguard’s new Linux (un)distribution and build toolchain, Wolfi, is doing exactly that. It produces container images that meet the requirements of the secure software supply chain; that is, images already provided with signing and sensible defaults.


Sensible defaults are certainly an answer to writing secure code. I discussed this notion when covering Semgrep, a tool that searches through code for flaws where plain regexes fall flat and where using Static Application Security Testing would be overkill. Semgrep works by enforcing sensible defaults. Why is this important?


Full article on i-programmer:

https://www.i-programmer.info/news/80-java/15739-wolfi-linux-undistribution-secures-the-software-supply-chain.html
