More Secure Base Images

Learn how base image choices impact container vulnerabilities, and how to reduce CVEs before you even start building. This course explores why traditional base images create security noise, how Chainguard Containers achieve low-to-zero vulnerabilities, and how Wolfi provides a minimal, secure foundation for modern container images.

About this course

Container vulnerability management doesn’t start with scanning, but rather with your base image. In this course, you’ll explore why many popular base images ship with hundreds of CVEs, how that inherited risk affects everything you build on top of them, and what to look for when choosing a more secure foundation.

You’ll learn how Chainguard Containers achieve low-to-zero vulnerabilities and meet Wolfi, Chainguard’s minimal Linux undistro purpose-built for modern software supply chain security. Along the way, you’ll see how factors like image size, rebuild frequency, SBOMs, signatures, and hardening practices all contribute to reducing risk and operational overhead.

By the end, you’ll understand how Wolfi and Chainguard Containers can help you spend less time fixing CVEs, and give you more time back to build your software.

Learning objectives

By the end of this course, you will be able to:

  • Explain why base images play a critical role in container vulnerability management;
  • Identify common problems with traditional base images, including bloat and inherited CVEs;
  • Describe the key characteristics of a secure base image (minimality, rebuild cadence, SBOMs, signatures, hardening);
  • Explain what Wolfi is and why it’s designed as a Linux “undistro”;
  • Understand how Wolfi supports low-to-zero vulnerabilities and modern supply chain security practices;
  • Articulate how Chainguard Containers leverage Wolfi to reduce CVE management effort.

Curriculum

  • I Can Has CVE Bliss?
  • All About That Base Image
  • Meet Wolfi, a Small Solution For a Big Problem!
  • Wrap Up
  • Test Your Knowledge!
