Chainguard Containers To the Rescue!

Course 4 of 5 in Painless Vulnerability Management

Start using Chainguard Containers to cut CVEs fast, without becoming your team’s full-time patch manager. You’ll learn how Chainguard’s curated distroless images work, how to pull/run images by tag or digest, how nightly builds and the Tag History API support reproducibility, and practical strategies for building and debugging minimal images in real workflows.

Register for the learning path to register for this course

About this course

Chainguard Containers are curated, distroless container images designed for a secure software supply chain: minimal attack surface, low-to-zero vulnerabilities, verifiable signatures, high-quality SBOMs, and automated nightly rebuilds. In this course, you’ll learn how to start using Chainguard Containers in your everyday container workflows and how to migrate from traditional images with far higher CVE counts.

You’ll practice pulling and running images from cgr.dev, choosing tags vs. digests for stability and reproducibility, and selecting the right image variant for your needs (runtime vs. dev/debug). You’ll also learn how the Tag History API helps you pin specific builds and safely manage updates. Finally, you’ll cover practical debugging approaches for distroless images, including dev variants and Kubernetes ephemeral debug containers.

Learning objectives

By the end of this course, you will be able to:

  • Explain what Chainguard Containers are and how they reduce vulnerabilities through minimal design and frequent rebuilds;
  • Identify core supply chain security features included with Chainguard Containers, like SBOMs, signatures, reproducible builds, and nightly builds;
  • Pull and run Chainguard Containers from cgr.dev, including selecting appropriate tags and platforms;
  • Use image digests to pin builds for reproducibility and stability;
  • Use the Tag History API to retrieve historical digests for a given image tag and apply them in Dockerfiles;
  • Choose between distroless runtime images, -dev variants, and wolfi-base based on build/debug needs;
  • Apply practical debugging strategies for distroless containers, including Kubernetes ephemeral debug containers.

Curriculum

  • An Introduction to Chainguard Images
  • How to Use Chainguard Containers 🛠️
  • How to Use the Tag History API 🛠️
  • Debugging Distroless Images 🛠️
  • Wrap Up
  • Test Your Knowledge!

About this course

Chainguard Containers are curated, distroless container images designed for a secure software supply chain: minimal attack surface, low-to-zero vulnerabilities, verifiable signatures, high-quality SBOMs, and automated nightly rebuilds. In this course, you’ll learn how to start using Chainguard Containers in your everyday container workflows and how to migrate from traditional images with far higher CVE counts.

You’ll practice pulling and running images from cgr.dev, choosing tags vs. digests for stability and reproducibility, and selecting the right image variant for your needs (runtime vs. dev/debug). You’ll also learn how the Tag History API helps you pin specific builds and safely manage updates. Finally, you’ll cover practical debugging approaches for distroless images, including dev variants and Kubernetes ephemeral debug containers.

Learning objectives

By the end of this course, you will be able to:

  • Explain what Chainguard Containers are and how they reduce vulnerabilities through minimal design and frequent rebuilds;
  • Identify core supply chain security features included with Chainguard Containers, like SBOMs, signatures, reproducible builds, and nightly builds;
  • Pull and run Chainguard Containers from cgr.dev, including selecting appropriate tags and platforms;
  • Use image digests to pin builds for reproducibility and stability;
  • Use the Tag History API to retrieve historical digests for a given image tag and apply them in Dockerfiles;
  • Choose between distroless runtime images, -dev variants, and wolfi-base based on build/debug needs;
  • Apply practical debugging strategies for distroless containers, including Kubernetes ephemeral debug containers.

Curriculum

  • An Introduction to Chainguard Images
  • How to Use Chainguard Containers 🛠️
  • How to Use the Tag History API 🛠️
  • Debugging Distroless Images 🛠️
  • Wrap Up
  • Test Your Knowledge!
Course

Learn the tools and fundamentals of vulnerability management and why it's critical that every developer understand it.