Security News > 2022 > September > Wolfi: A Linux undistro with security measures for the software supply chain
Wolfi is a new community Linux undistribution that combines the best aspects of existing container base images with default security measures that will include software signatures powered by Sigstore, provenance, and software bills of material.
Software supply chain security is unique - you've got a whole lot of different types of attacks that can target a lot of different points in the software lifecycle.
The ecosystem's push for software supply chain integrity and transparency has left organizations struggling to build software security measures like signatures, provenance, and SBOMs into legacy systems and existing Linux distributions.
Recently, the U.S.'s most prestigious security agencies tried to add to the conversation and released a 60+ page recommended practice guide, Securing the Software Supply Chain for Developers.
Chainguard's new Linux undistribution and build toolchain, Wolfi, is designed from the ground up to produce container images that meet the requirements of a secure software supply chain.
"We refer to Wolfi as an undistro because it is not a full Linux distribution designed to run on bare-metal, but a stripped-down one designed for the cloud-native era. Most notably, we don't include a Linux kernel, instead relying on the environment to provide this," said Dan Lorenc, CEO at Chainguard.
News URL
https://www.helpnetsecurity.com/2022/09/22/wolfi-linux-undistro-software-supply-chain-security/
Related news
- Deepen your knowledge of Linux security (source)
- Oracle Linux 9 Update 5 brings security updates, OpenJDK 17, .NET 9.0 (source)
- 'Alarming' security bugs lay low in Linux's needrestart utility for 10 years (source)
- Discover the future of Linux security (source)
- Update your OpenWrt router! Security issue made supply chain attack possible (source)
- Week in review: MUT-1244 targets both security workers and threat actors, Kali Linux 2024.4 released (source)