New Chainguard Academy Course: Linky’s Guide to Chainguard Images

Chainguard Images are minimal, hardened, container images with zero CVEs. We believe they are awesome, and many of our customers agree. They give you the ability to build on a trusted software foundation – a secure base that is future-proof against supply chain threats.

One of our goals is to make this foundation as easily accessible as we can for customers and users of our free Developer Images. To make this vision a reality, we’re excited to announce Linky’s Guide to Chainguard Images, a seven-part course that dives into all the different aspects of Chainguard Images and how they can best be utilized in your production environment. We are also offering Linky’s Crash Course to Chainguard Images, a streamlined version of the course series for those who want to get started as quickly as possible.   

These courses are available now and ready for you to jump in. Let’s break it down, section by section! You can go through these in order, or pick and choose which ones interest you the most.

Getting Started With Chainguard Images

The first course of Linky’s Guide to Chainguard Images, Getting Started With Chainguard Images, teaches you all the key skills for starting your Chainguard Images journey. In this part of the course, you will learn all about image acquisition, management, and security. You’ll learn things like setting up identity authentication, scanning images, and how to update in a secure manner.

Additionally, you’ll get the full scoop on how to navigate Chainguard’s user interface (UI), helping you know where to get the things you need to make your Chainguard Images implementation a success.

Images! Images! Images!

Images! Images! Images! is the second module of the course. This section will enable you to become an expert on some key technical topics, including the significance of different versions, the chainctl command line tool, and how Federal Information Processing Standards (FIPS) images work.

This course is a great way to get familiar with the technical aspects of Chainguard Images and understand exactly what you’re seeing on the screen. Among other things, you’ll be able to retrieve a Chainguard Image's software bill of materials (SBOM) using the cosign command and understand the information provided in the SBOM. And you’ll also be able to use the Tag History API to compare different builds of our Images and understand how to identify differences, such as added or removed vulnerabilities, between image versions.

Registry Rockstar

Registry Rockstar teaches you everything you need to know about managing your organization’s access in the Chainguard Registry.

You’ll learn how to manage user access, onboarding and offboarding users from a Chainguard Registry using chainctl and Chainguard Console with ease. We’ll take you through configuring custom identity providers, an important step in ensuring security. And of course, we’ll talk through how to implement scheduled image copies, set up pull-through caches, and configure remote repositories for pulling Chainguard Images.

Foundations of Software Supply Chain Security

Software supply chain security is often considered a buzzword that is hard to define. It’s a hot topic that encompasses a lot of different things, and has gained a considerable amount of attention in recent years as more and more attacks target critical software infrastructure.

In Foundations of Software Supply Chain Security, we teach you all the foundational knowledge to understand this topic, including important tools and terminology like Common Vulnerabilities and Exposures (CVEs), SBOMs, vulnerability scanning, and more. This knowledge will arm you to have a better understanding of not only the greater public conversation around software supply chain security, but also how these practices can be implemented in your organization to make your software supply chain a safer place.

Crush Your CVEs

One of the most important foundational pieces of knowledge when it comes to software supply chain security is understanding CVEs. In Crush Your CVEs, we help you gain an in-depth understanding of CVEs and their impact, and how you can navigate Chainguard’s CVE tools and resources to better understand how they might be affecting your organization.

There’ll be lots of gold in this section of the course. We’ll touch on how CVEs are first found and reported, how to scan for them, and how to use chainctl to compare different versions of Chainguard Images and find out which vulnerabilities have been patched. You’ll learn why vulnerabilities sometimes surface in Chainguard Images, and what to do when you find one.

Migration Guidance

You’ve done it. You’ve made the decision to purchase Chainguard Images, and you’re excited to migrate over and save yourself tons of time and energy by not having to patch CVEs! But how do you do it in a way that makes sense?

Migration Guidance provides all the information you need to make migration a breeze. This course outlines key differences and features of Chainguard Images, and helps you explore methods for finding, adding, and managing dependencies in Chainguard Images, as well as understanding the use of -dev variants and multi-stage builds. We’ll give you testing strategies for Chainguard Images, including manual testing, testing specific components, and methods for debugging distroless images.

Chainguard’s Superstar Support

Assuming you’ve done all the other sections of this course, onboarding with Chainguard Images should be easy peasy. However, we know that unexpected issues sometimes pop up. Luckily for you, you get to lean on Chainguard’s Superstar Support to ensure your experience is a success!

We’ll teach you how to access Chainguard Academy and navigate the Zendesk portal to find documentation, education materials, and submit support requests. You’ll learn the process of requesting a specific image version through Chainguard’s Zendesk portal, and you’ll be able to recognize the steps to take when vulnerability scanning tools report CVEs in Chainguard Images.

Chainguard Images – The Easy Button for CVEs

We want to ensure that your implementation of Chainguard Images is a success. We’re committed to building the resources and tools you need to ensure that happens. Whether you’re an existing customer, a user of our free images, or just someone interested in learning more about how our product works, there will be plenty of items you can take away from this course to improve the experience for you and your teammates.

We have other courses available, including a deep dive into Securing the AI/ML Supply Chain and Painless Vulnerability Management, a course all about improving your CVE management skills. All our courses are free and jam-packed with the knowledge you need to be a software supply chain security expert.

If this course sparked your interest in learning more about what implementing Chainguard Images at your organization looks like, please reach out. We would love to chat and help your team save time and reduce the CVE burden!