https://deploy-preview-3176--ornate-narwhal-088216.netlify.app/chainguard/migration/Recent content in Migration Guides onHugo -- gohugo.ioen-USMon, 26 Feb 2024 08:48:45 +0000https://deploy-preview-3176--ornate-narwhal-088216.netlify.app/chainguard/migration/migrations-overview/Mon, 22 Jul 2024 12:56:52 +0000https://deploy-preview-3176--ornate-narwhal-088216.netlify.app/chainguard/migration/migrations-overview/Chainguard Containers are a collection of container images designed for security and minimalism. Many Chainguard Containers are distroless; they contain only an open-source application and its runtime dependencies. These container images do not even contain a shell or package manager, because fewer dependencies reduce the potential attack surface of images. By minimizing the number of dependencies and thus reducing their potential attack surface, Chainguard Containers inherently contain few to zero CVEs.https://deploy-preview-3176--ornate-narwhal-088216.netlify.app/chainguard/migration/migration-tips/Thu, 29 May 2025 12:56:52 +0000https://deploy-preview-3176--ornate-narwhal-088216.netlify.app/chainguard/migration/migration-tips/The process of migrating over to Chainguard Containers isn’t always straightforward. To help customers become acquainted with Chainguard Containers as they go through the migration process, we’ve assembled this list of tips and strategies for migrating over their applications. Use Development Variants When You Need a Shell Chainguard provides development (or -dev) variants of its containers which include a shell and package manager to allow users to more easily debug and modify the image.https://deploy-preview-3176--ornate-narwhal-088216.netlify.app/chainguard/migration/porting-apps-to-chainguard/Wed, 10 Apr 2024 12:56:52 +0000https://deploy-preview-3176--ornate-narwhal-088216.netlify.app/chainguard/migration/porting-apps-to-chainguard/Porting Key Points Chainguard’s distroless Containers have no shell or package manager by default. This is great for security, but sometimes you need these things, especially in builder images. For those cases we have -dev variants (such as cgr.dev/chainguard/python:latest-dev) which do include a shell and package manager. Chainguard Containers typically don’t run as root, so a USER root statement may be required before installing software. The -dev variants and wolfi-base / chainguard-base use BusyBox by default, so any groupadd or useradd commands will need to be ported to addgroup and adduser.https://deploy-preview-3176--ornate-narwhal-088216.netlify.app/chainguard/migration/migrating-to-chainguard-images/Mon, 25 Mar 2024 15:56:52 -0700https://deploy-preview-3176--ornate-narwhal-088216.netlify.app/chainguard/migration/migrating-to-chainguard-images/Chainguard Containers provide enhanced security through minimal design and built-in provenance attestation, requiring some adjustments when migrating from traditional base images. Built on the Wolfi Linux distribution, these images offer compatibility with most applications while significantly reducing attack surface and vulnerabilities. A general migration process would involve the following steps: Identify the base image you need. Check out the Chainguard Containers Directory to identify the image that is the closest match to what you currently use.https://deploy-preview-3176--ornate-narwhal-088216.netlify.app/chainguard/migration/the-guardener/Mon, 30 Mar 2026 00:00:00 +0000https://deploy-preview-3176--ornate-narwhal-088216.netlify.app/chainguard/migration/the-guardener/The Guardener migrates your Dockerfiles to use Chainguard Containers. It uses AI to iteratively convert instructions, build images, compare results, and fix issues until the Dockerfile works as expected. You interact with it through chainctl agent dockerfile commands. The AI runs server-side and scans your workspace to perform its analysis. Docker builds and file access remain local to your machine, and only the data necessary for analysis is processed. Note: The Guardener is currently in beta.https://deploy-preview-3176--ornate-narwhal-088216.netlify.app/chainguard/migration/dockerfile-conversion/Tue, 18 Mar 2025 15:22:20 +0100https://deploy-preview-3176--ornate-narwhal-088216.netlify.app/chainguard/migration/dockerfile-conversion/Chainguard’s Dockerfile Converter (dfc) was designed to facilitate the process of porting existing Dockerfiles to use Chainguard Containers. The following platforms are currently supported: Alpine (apk) Debian / Ubuntu (apt, apt-get) Fedora / RedHat / UBI (yum, dnf, microdnf) Note: If you prefer a fully automated approach, The Guardener is an AI-powered agent that can migrate, optimize, and validate your Dockerfiles with minimal manual intervention. Installation If you use Homebrew, you can install dfc with:https://deploy-preview-3176--ornate-narwhal-088216.netlify.app/chainguard/migration/migration-checklist/Mon, 03 Feb 2025 10:42:57 +0000https://deploy-preview-3176--ornate-narwhal-088216.netlify.app/chainguard/migration/migration-checklist/Chainguard container images are designed to be minimal and to include special features for increased security and provenance attestation. Depending on your current base image and customizations, you may need to make some adjustments when migrating your current workloads to use Chainguard Containers. This checklist provides a high-level overview of the steps you should consider when migrating to Chainguard Containers. Download the PDF version of this checklist here! Important to Know Most Chainguard Containers don’t have a package manager or a shell by default.