https://deploy-preview-3176--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/Recent content in Staying Secure onHugo -- gohugo.ioen-USThu, 19 Dec 2024 08:49:15 +0000https://deploy-preview-3176--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/cve-risk/Thu, 16 Nov 2023 11:07:52 +0200https://deploy-preview-3176--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/cve-risk/Common vulnerabilities and exposures (CVEs) are an increasing concern for developers and organizations, which is why Chainguard developed its minimal container images that reduce the attack surface. A new CVE in a widely-used application or a vulnerability scan with numerous positive results can significantly impact security posture, compliance requirements, and development timelines. Chances are, your software has already been impacted by a CVE. It’s likely there are active CVEs in software you are using.https://deploy-preview-3176--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/fedramp-considerations/Wed, 29 Jan 2025 15:56:52 -0700https://deploy-preview-3176--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/fedramp-considerations/Many frequently asked questions revolve around how organizations are meant to stay on top of the changing landscape for FedRAMP, PMOS, Revisions, and Certificates. This article outlines various considerations and risk factors that organizations should keep in mind when working to become and stay FedRAMP authorized. Important Considerations for PMO Revision Trends There are a number of things one should keep in mind when analyzing revision trends from the FedRAMP Program Management Office (PMO) — which oversees the development of the FedRAMP program — and the changes in FIPS 140-3.https://deploy-preview-3176--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/repro/Mon, 20 May 2024 12:21:01 +0000https://deploy-preview-3176--ornate-narwhal-088216.netlify.app/chainguard/chainguard-images/staying-secure/repro/Clarification In this video we mention needing to keep copies of old APKs in order to be able to recreate images. This wasn’t fully accurate — in fact we do keep all our previously issued APKs, so you can build images from months (and in the future, years) ago without issue. We currently retain all of these package versions indefinitely (only servicing latest), but in the future we may age things out just to manage the size of the index.