Feeding the Bit Bucket

Docker Bake and Chainguard Images

Thu, 13 Feb 2025 00:00:00 +0000

(Originally published on the Chainguard blog) If you’re anything like me, you probably have horrendously long docker build commands that you manage via shell history. If you’re more organised, you might have shell scripts or even Makefiles to manage your Docker build workflows. That is a better solution, but adds in an extra dependency that isn’t always portable (and isn’t the point of Docker to be portable?). Fortunately, there is a better solution, and it doesn’t require any tooling beyond the Docker CLI: meet Bake.

Building Multiarch Images with Chainguard Images

Tue, 03 Dec 2024 00:00:00 +0000

(Originally published on the Chainguard blog) Until relatively recently, if you were running containers in the cloud, it was a pretty safe bet that they were running on the x86-64 architecture. In recent years, this has been rapidly changing, with ARM64 architectures starting to command a significant percentage. This has been driven primarily by the energy (and hence cost) savings typically associated with ARM processors. Cloud providers have also been developing custom chips such as Google Axion and AWS Graviton, further pushing uptake.

Stay secure: Strategies and tooling for updating container images

Thu, 01 Aug 2024 00:00:00 +0000

(Originally published on the Chainguard blog) One of the most critical actions to keep systems secure is to apply updates. In modern, containerized infrastructures that will often mean updating containers. A casual observer might expect such a standard and important task to have agreed-on best practices and standardized tooling, but they will likely be shocked by the multitude of different solutions and opinions on this problem. This post will delve into some of the options and try to steer the reader towards a path that works for them and keeps their systems both stable and secure.

Building minimal and low CVE images for Java

Tue, 11 Jun 2024 00:00:00 +0000

(Originally published on the Chainguard blog) At Chainguard, we’re always looking for ways to help communities improve their security practices, especially in conjunction with Chainguard Images. This time, we take a look at Java. In this blog, we’ll walk through how users can port an existing Java application to use Chainguard Images and demonstrate the resultant improvement in size and security. All the Chainguard Images in this blog post are available in the free Developer tier of Chainguard Images.

Building minimal and low CVE images for compiled languages

Tue, 27 Feb 2024 00:00:00 +0000

(Originally published on the Chainguard blog) The first wave of containerization was a revelation. You could download third-party applications like Redis or nginx and have them running in seconds with no configuration. You could put your application on top of a base image like Debian or Ubuntu, ship it to people and be confident that it would work exactly the same for them as it did for you. We had something with the isolation and portability of a virtual machine (VM), but at a fraction of the size.

Annotations and Labels in Container Images

Sun, 25 Jun 2023 00:00:00 +0000

A deep-dive into OCI Annotations and Labels and what the difference is.

Building images for the secure supply chain

Tue, 27 Dec 2022 00:00:00 +0000

(Originally published on the Chainguard blog) During CloudNativeSecurityCon in Detroit, I gave a presentation on how the industry can do a better job of building secure container images. For those that were unable to attend the conference or join the session, the slides and full recording are now available. Here’s a quick look at the major takeaways from the presentation: Start signing your images if you haven’t already. Sigstore and tools like cosign make this really simple, so it’s an easy win that everyone should be doing.

Let's talk about it. And record it.

Sun, 20 Feb 2022 00:00:00 +0000

An incomplete list of some of my recent talks.

Enabling Webmention For Comments

Thu, 06 Jan 2022 00:00:00 +0000

As you may have noticed, I’m in the middle of revamping my blog. It’s now a static site, run via Hugo and Cloudflare Pages. I was planning to use Disqus for comments, but changed my mind when I realised it meant ads and tracking. This led to a search for alternatives which ended in choosing Webmention.

10 Predictions for the Future of Computing or; more Inane Ramblings from Adrian

Mon, 05 Jul 2021 00:00:00 +0000

My predictions for how the industry will change over the next decade or so.

Dealing with Docker Hub Rate Limiting

Mon, 30 Nov 2020 00:00:00 +0000

How to deal with Docker Hub rate limiting.

Linux Capabilities in Practice

Sun, 25 Aug 2019 00:00:00 +0000

Detailed look into how capabilities work showing examples and tools.

Linux Capabilities: Why They Exist and How They Work

Wed, 21 Aug 2019 00:00:00 +0000

An introduction to Linux capabilities, including why we need them and an explanation of how they work

(How To Do) XML Schema Validation

Thu, 21 Nov 2013 00:00:00 +0000

Judging by the popularity of this question on StackOverflow (and my answer), it seems that a lot of people struggle to check the validity of an XML file against an XML Schema. It’s a shame that what should be a trivial task has wasted hours of developer’s lives. In this article I’ll try to offer a few alternatives for various platforms and hopefully make things a bit simpler. There are actually a few different options at your disposal (which is probably part of the problem).