Wolfi Linux (Un)Distribution Secures The Software Supply Chain

Chainguard, the co-creator of Sigstore, has just launched Wolfi, a community Linux (un)distribution that is built with the default security measures necessary for securing the software supply chain.

wolfi1

The push for software supply chain integrity and transparency has left organizations struggling to build in software security measures like signatures, provenance, and SBOMs to legacy systems and existing Linux distributions. To that end, Sigstore is good but requires manual labor. There must be a better way of utilizing its facilities.

And what better than package all the work in an immutable container? Chainguard’s new Linux (un)distribution and build toolchain, Wolfi, is doing exactly that. It produces container images that meet the requirements of the secure software supply chain; that is images already provided with signing and sensible defaults.

Sensible defaults is certainly an answer to writing secure code. I discussed this notion when covering Semgrep, a tool that searches through code for flaws where plain regexes fall flat and using Static Application Security Testing would be overkill. Semgrep works by enforcing sensible defaults. Why is this important?

full article on i-programmer:

https://www.i-programmer.info/news/80-java/15739-wolfi-linux-undistribution-secures-the-software-supply-chain.html

Spatial Data Management For GIS and Data Scientists

Videos of the lectures taught in Fall 2023 at the University of Tennessee are now available as a YouTube playlist. They provide a complete overview of the concepts of GeoSpatial science using Google Earth Engine, PostgresSQL GIS , DuckDB, Python and SQL. https://www.i-programmer.info/news/145-mapping-a-gis/16772-spatial-data-management-for-gis-and-data-scientists.html

The I Programmer Java 2023 Recap

At I Programmer we continue to monitor Java's status closely. Here's what we've recorded throughout 2023. https://www.i-programmer.info/programming/178-java/16858-the-i-programmer-java-2023-recap.html

Microsoft Goes All Out On Educating Developers

What better way to lure devs into the platform than to provide clear how-to instructions and deep educational material? Over the last couple of years, but especially during 2023, Microsoft has pumped up its educational facilities on . NET. For instance, it has released a number of self-paced projects we here at I Programmer have covered, such as: https://www.i-programmer.info/news/89-net/16857-microsoft-goes-all-out-on-educating-developers.html

PERL,INGRES,PROGRAMMING

Subscribe with Email

Search This Blog