Mastering Base Image Migrations With Chainguard

Course 8 of 14 in Chainguard Containers Onboarding Guide

Learn how to migrate real apps from “it works on Debian” to minimal, secure Chainguard base images.

Cancel Apply

rate limit

Code not recognized.

About this course

This hands-on course walks you through migrating an application to Chainguard base images, starting on -dev and finishing on distroless. Along the way you’ll practice multi-stage builds, dependency hunting, and common gotchas (e.g., CMD vs ENTRYPOINT, APK vs APT, non-root, and glibc/musl differences). Ideal for teams ready to make Chainguard their new normal.

After this course, you will be able to

  • Explain the difference between app images and base images, and when to use each.
  • Read image specs/SBOMs to understand users, entrypoints, and what’s actually in your image.
  • Convert real-world Dockerfiles to Chainguard using APK (not APT) and run as non-root.
  • Use a -dev image to build, then ship a distroless runtime with a multi-stage Dockerfile.
  • Map and install OS-level dependencies (build vs. runtime), including Python/uv cases.
  • Troubleshoot common pitfalls: CMD vs ENTRYPOINT, missing shells, binary lookups, libc detection.
  • Choose the right path to production: copy-by-binary, Custom Assembly, or the chroot method—and know the tradeoffs.
Course Details

  • Software Engineers, DevOps, teams

  • 90-120 min

  • 17 Lessons

 

Curriculum

  • Getting Started
  • Why Base Image Migrations Matter
  • Setting Up Your Environment
  • Understanding Base Images
  • Why You Can’t Just Change the FROM Line
  • Where to Begin with Base Image Migrations
  • Not All Languages Are the Same
  • Dev Image Migration
  • Introduction to Dev Image Migration
  • Working with APK Packages
  • What to Do If You Can’t Find a Package
  • Chainguard Nuances to Watch Out For
  • 🛠️ Demo: Migrating to a Dev Image
  • 🛠️ Demo: Using DFC for Dev Image Migration
  • Multistage Build Migration
  • Multistage Builds and Distroless
  • The Chroot Method for Multistage Builds
  • Final Considerations
  • 🛠️ Demo: Migrating to a Distroless Multi-Stage Build
  • Wrap-Up
  • Wrapping Up: Key Takeaways for Successful Migration

About this course

This hands-on course walks you through migrating an application to Chainguard base images, starting on -dev and finishing on distroless. Along the way you’ll practice multi-stage builds, dependency hunting, and common gotchas (e.g., CMD vs ENTRYPOINT, APK vs APT, non-root, and glibc/musl differences). Ideal for teams ready to make Chainguard their new normal.

After this course, you will be able to

  • Explain the difference between app images and base images, and when to use each.
  • Read image specs/SBOMs to understand users, entrypoints, and what’s actually in your image.
  • Convert real-world Dockerfiles to Chainguard using APK (not APT) and run as non-root.
  • Use a -dev image to build, then ship a distroless runtime with a multi-stage Dockerfile.
  • Map and install OS-level dependencies (build vs. runtime), including Python/uv cases.
  • Troubleshoot common pitfalls: CMD vs ENTRYPOINT, missing shells, binary lookups, libc detection.
  • Choose the right path to production: copy-by-binary, Custom Assembly, or the chroot method—and know the tradeoffs.
Course Details

  • Software Engineers, DevOps, teams

  • 90-120 min

  • 17 Lessons

 

Curriculum

  • Getting Started
  • Why Base Image Migrations Matter
  • Setting Up Your Environment
  • Understanding Base Images
  • Why You Can’t Just Change the FROM Line
  • Where to Begin with Base Image Migrations
  • Not All Languages Are the Same
  • Dev Image Migration
  • Introduction to Dev Image Migration
  • Working with APK Packages
  • What to Do If You Can’t Find a Package
  • Chainguard Nuances to Watch Out For
  • 🛠️ Demo: Migrating to a Dev Image
  • 🛠️ Demo: Using DFC for Dev Image Migration
  • Multistage Build Migration
  • Multistage Builds and Distroless
  • The Chroot Method for Multistage Builds
  • Final Considerations
  • 🛠️ Demo: Migrating to a Distroless Multi-Stage Build
  • Wrap-Up
  • Wrapping Up: Key Takeaways for Successful Migration
Course

Learn the tools and fundamentals of vulnerability management and why it's critical that every developer understand it.