Wolfi: A Linux undistro with security measures for the software supply chain (Security News, September 2022)
Wolfi is a new community Linux undistribution that combines the best aspects of existing container base images with default security measures that will include software signatures powered by Sigstore, provenance, and software bills of material.
Software supply chain security is unusual in that many different types of attacks can target many different points in the software lifecycle.
The ecosystem's push for software supply chain integrity and transparency has left organizations struggling to build software security measures like signatures, provenance, and SBOMs into legacy systems and existing Linux distributions.
Recently, the most prominent U.S. security agencies added to the conversation by releasing a recommended practice guide of more than 60 pages, Securing the Software Supply Chain for Developers.
Chainguard's new Linux undistribution and build toolchain, Wolfi, is designed from the ground up to produce container images that meet the requirements of a secure software supply chain.
"We refer to Wolfi as an undistro because it is not a full Linux distribution designed to run on bare-metal, but a stripped-down one designed for the cloud-native era. Most notably, we don't include a Linux kernel, instead relying on the environment to provide this," said Dan Lorenc, CEO at Chainguard.
News URL: https://www.helpnetsecurity.com/2022/09/22/wolfi-linux-undistro-software-supply-chain-security/