images
by
chainguard-images

Description: Public Chainguard Images

View on GitHub ↗

Summary Information

Updated 30 seconds ago
Added to GitGenius on April 3rd, 2025
Created on November 8th, 2022
Open Issues & Pull Requests: 114 (+0)
Number of forks: 175
Total Stargazers: 683 (+0)
Total Subscribers: 35 (+0)

Issue Activity (beta)

Open issues: 52
New in 7 days: 0
Closed in 7 days: 0
Avg open age: 734 days
Stale 30+ days: 52
Stale 90+ days: 49

Recent activity

Opened in 7 days: 0
Closed in 7 days: 0
Comments in 7 days: 0
Events in 7 days: 0

Top labels

  • needs-triage (92)
  • image-request (28)
  • bug (7)
  • enhancement (6)
  • documentation (5)
  • hacktoberfest (4)
  • q123 (3)
  • q422 (3)

Most active issues this week

No issue events were indexed in the last 7 days.

Repository Insights (GitGenius)

Median issue/PR response: 0.0 hours
Mean response time: 173.7 days
90th percentile: 728.4 days
Tracked items: 77

Most active contributors

Detailed Description

The Chainguard Images repository holds the public build configuration for a comprehensive catalog of minimal, hardened OCI container images distributed through the cgr.dev registry under the chainguard namespace. The repository serves as the source of truth for how these production-ready container images are constructed, tested, and published, making it a critical component of Chainguard's container security and supply chain infrastructure.

Every image in this repository is built using apko, a tool designed for creating minimal container images from declarative configurations. The build process centers on locked_config.json files, which contain fully resolved and pinned package versions for each supported architecture. This pinning approach ensures reproducible builds, meaning the same configuration file will consistently produce identical image content across different build environments and time periods. This reproducibility is fundamental to the repository's security posture and allows users to verify image contents independently.

The publication workflow is automated through a GitHub Actions workflow defined in release.yaml, which monitors changes to locked_config.json files on the main branch and triggers builds on a daily schedule. When changes are detected, the workflow uses a Terraform module at main.tf to orchestrate the build and publication process. This module reads the locked configuration, builds each image variant using the apko Terraform provider, publishes the resulting OCI images to cgr.dev, and generates accompanying SBOMs and cosign attestations for supply chain security verification.

The repository is organized with per-image directories under images/ containing build configurations, tests, and documentation for each image. Shared Terraform modules are centralized in tflib/ to promote consistency across the build infrastructure. The codebase is primarily written in HCL, reflecting its heavy use of Terraform for orchestration and infrastructure as code practices.

Activity data shows the repository maintains active triage and maintenance operations, with xnox leading contributor engagement at 31 tracked events, followed by jakeva with 23 events and amouat with 7 events. The most common issue label is needs-triage with 62 instances, followed by image-request with 19 instances, indicating ongoing demand for new images and active community engagement. The median response latency for issues and pull requests is 0.0 hours, though the mean of 4168.7 hours reflects some longer-running discussions and feature requests.

The repository connects to other significant open-source projects through overlapping contributors, including pingcap/tidb, cloud-custodian/cloud-custodian, and strimzi/strimzi-kafka-operator, suggesting cross-pollination of practices and expertise across container and infrastructure security domains. The repository emphasizes security best practices through comprehensive documentation including image guidelines in BEST_PRACTICES.md, a security policy for vulnerability reporting, and detailed instructions for building images locally and withdrawing deprecated images. Users can browse the full catalog at images.chainguard.dev and access commercial offerings through Chainguard Console.

images
by
chainguard-imageschainguard-images/images

Repository Details

Fetching additional details & charts...