https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/tags/reference/Recent content in Reference onHugo -- gohugo.ioen-USThu, 26 Mar 2026 14:15:45 +0000https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/chainguard/libraries/network-requirements/Wed, 04 Jun 2025 09:30:00 +0000https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/chainguard/libraries/network-requirements/Chainguard Libraries require specific network access to ensure secure delivery of hardened dependencies to your development environment. This guide details the domains and ports needed for authentication, package downloads, and verification tools. Access for chainctl and other tools For initial configuration with chainctl as well as for verification of downloaded libraries with cosign and other tools, you must allow HTTPS access to the following domains: dl.enforce.dev for download and update of chainctl issuer.https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/chainguard/migration/compatibility/alpine-compatibility/Fri, 23 Feb 2024 15:56:52 -0700https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/chainguard/migration/compatibility/alpine-compatibility/Chainguard Containers and Alpine base images have different binaries and scripts included in their respective busybox and coreutils packages. The following table lists common tools and their corresponding package(s) in both Wolfi and Alpine distributions. Note that $PATH locations like /usr/bin or /sbin are not included here. If you have compatibility issues with tools that are included in both busybox and coreutils, be sure to check $PATH order and confirm which version of a tool is being run.https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/chainguard/administration/cloudevents/events-reference/Tue, 15 Nov 2022 12:05:04 +0000https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/chainguard/administration/cloudevents/events-reference/Chainguard generates and emits CloudEvents based on actions that occur within a Chainguard account, such as registering a Kubernetes cluster or creating an IAM invitation. Chainguard also emits events when workloads or policies are changed in a cluster. Check out this GitHub repository for some sample applications that demonstrate how to use events to create Slack notifications, open GitHub issues, and mirror images. To subscribe to Chainguard events for your account, use the chainctl command like this:https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/chainguard/administration/iam-organizations/overview-of-chainguard-iam-model/Fri, 15 Jul 2022 15:22:20 +0100https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/chainguard/administration/iam-organizations/overview-of-chainguard-iam-model/Chainguard’s Identity and Access Management (IAM) model enables more secure, fine-grained control over container registries and security resources, using familiar concepts from cloud providers like AWS and GCP. This enterprise-grade IAM system allows organizations to implement least-privilege access, delegate permissions, and integrate with existing identity providers for seamless authentication and authorization. Organizations and Folders Chainguard’s IAM model consists of two structures: Organizations and Folders. An organization is a customer or group of customers working with the same Chainguard resources, while a folder is a collection of resources within a Chainguard organization.https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/chainguard/administration/iam-organizations/roles-role-bindings/capabilities-reference/Thu, 14 Aug 2025 00:00:00 +0000https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/chainguard/administration/iam-organizations/roles-role-bindings/capabilities-reference/Chainguard provides customers with a set of built-in roles as part of its Identity and Access Management (IAM) system. These roles have different permissions and capabilities that allow them to serve specialized purposes, from general administrative access to access for specific resources like registries, APK packages, and programming language libraries. This reference provides an overview of all Chainguard IAM capabilities and shows which built-in roles include each capability. Each capability represents a specific permission or action that can be performed within the Chainguard platform.https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/chainguard/migration/compatibility/debian-compatibility/Thu, 08 Feb 2024 15:56:52 -0700https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/chainguard/migration/compatibility/debian-compatibility/Chainguard Containers and Debian base images have different binaries and scripts included in their respective busybox and coreutils packages. The following table lists common tools and their corresponding package(s) in both Wolfi and Debian distributions. Note that $PATH locations like /usr/bin or /sbin are not included here. If you have compatibility issues with tools that are included in both busybox and coreutils, be sure to check $PATH order and confirm which version of a tool is being run.https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/network-requirements/Fri, 08 Sep 2023 08:49:31 +0000https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/network-requirements/This document provides an overview of network requirements for using Chainguard Containers. To use Chainguard tools and Containers in environments with firewalls, VPNs, and IDS/IPS systems, you will need to add some rules to allow traffic into and out of your networks. Chainguard Containers do not call Chainguard services while running, so no network changes would be required to the runtime environment. Review the Notes column for more info on each Hostname.https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/open-source/sigstore/policy-controller/policies/chainguard-enforce-rego-policies/Thu, 12 Jan 2023 15:56:52 -0700https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/open-source/sigstore/policy-controller/policies/chainguard-enforce-rego-policies/The Sigstore Policy Controller supports the Rego Policy Language, which is a declarative policy language that is used to evaluate structured input data such as Kubernetes manifests and JSON documents. This feature enables users to apply policies that can evaluate Kubernetes admission requests and object metadata to make comprehensive decisions about the workloads that are admitted to their clusters. Rego support also enables users to enhance existing cloud-native policies by adding additional software supply chain security checks.https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/software-security/secure-software-development/ssd-attestation-form/Wed, 10 May 2023 15:21:01 +0200https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/software-security/secure-software-development/ssd-attestation-form/Attestation and Signature On behalf of the above-specified company, I attest that [software producer] presently makes consistent use of the following practices, drawn from the secure software development framework (SSDF), in developing the software identified in Section I: The software is developed and built in secure environments. Those environments are secured by the following actions, at a minimum: Separating and protecting each environment involved in developing and building Software; Regularly logging, monitoring, and auditing trust relationships used for authorization and access: to any software development and build environments; and among components within each environment; Enforcing multi-factor authentication and conditional access across the environments relevant to developing and building software in a manner that minimizes security risk; Taking consistent and reasonable steps to document as well as minimize use or inclusion of software products that create undue risk within the environments used to develop and build software; Encrypting sensitive data, such as credentials, to the extent practicable and based on risk; Implementing defensive cyber security practices, including continuous monitoring of operations and alerts and, as necessary, responding to suspected and confirmed cyber incidents; The software producer has made a good-faith effort to maintain trusted source code supply chains by: Employing automated tools or comparable processes; and Establishing a process that includes reasonable steps to address the security of third-party components and manage related vulnerabilities; The software producer employs automated tools or comparable processes in a good-faith effort to maintain trusted source code supply chains; The software producer maintains provenance data for internal and third-party code incorporated into the software; The software producer employs automated tools or comparable processes that check for security vulnerabilities.https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/chainguard/migration/compatibility/ubuntu-compatibility/Fri, 23 Feb 2024 15:56:52 -0700https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/chainguard/migration/compatibility/ubuntu-compatibility/Chainguard Containers and Ubuntu base images have different binaries and scripts included in their respective busybox and coreutils packages. The following table lists common tools and their corresponding package(s) in both Wolfi and Ubuntu distributions. Note that $PATH locations like /usr/bin or /sbin are not included here. If you have compatibility issues with tools that are included in both busybox and coreutils, be sure to check $PATH order and confirm which version of a tool is being run.