SLSA Compliance at Chainguard

A brief overview of SLSA and Chainguard's compliance efforts.

SLSA (pronounced “salsa”), or Supply chain Levels for Software Artifacts, is a security framework consisting of standards and controls that prevent tampering, improve integrity, and secure packages and infrastructure. It is described in depth in What is SLSA?.

Chainguard Containers and Guarded VMs are SLSA Level 3 compliant, providing confidence in the security of these products. Other Chainguard products, such as Chainguard Libraries, are SLSA Level 2 compliant, and work is under way to bring them to Level 3.

This page describes what we have done and are doing to bring Chainguard products into full SLSA Level 3 compliance.

Isolated and Tamper-Resistant Builds

Every Chainguard build now runs in a dedicated, ephemeral environment that starts from a clean slate. This build isolation ensures that no build can influence another, eliminating insider meddling or cross-contamination between builds. By provisioning short-lived build environments on demand, we greatly reduce the risk of any malware persistence or cache poisoning across builds.

Unforgeable Provenance and Chain of Trust

SLSA 3 requires that each artifact’s provenance (the record of how, when, and by whom it was built) be generated by a trusted service and cryptographically signed. In our process, the build system’s control plane creates this tamper-proof provenance data — build runners cannot falsify it. This means every container image or VM has an auditable “paper trail” back to its source, establishing a robust chain-of-trust for our software.

Secured Signing Keys and Secrets

We’ve further hardened our build platform to protect sensitive credentials. Signing keys and other secrets never reside on the build workers; instead, signing happens in a separate, secure service after the build completes. This separation ensures that even if a build job were compromised, it cannot access the keys needed to sign artifacts or attestations. By keeping signing operations isolated and secured, we prevent attackers or rogue insiders from forging trusted artifacts.

Full Traceability and Transparency

With SLSA 3, every Chainguard artifact comes with detailed metadata and documentation about how it was built. We generate build provenance and a Software Bill of Materials (SBOM) for each release, giving complete visibility into the software supply chain behind our Container and VM images.

Looking to the Future

Reaching SLSA Level 3 compliance with any product is a major achievement, but even more is planned.

See the blog post announcement for more details.

Sample Provenance Code

To pull an attestation, you must first authenticate to Chainguard’s registry.

Then you can download an attestation of provenance.

If you are a customer, replace $CUSTOMERNAME in this example with your Chainguard registry customer name.

cosign download attestation --predicate-type=https://slsa.dev/provenance/v1 cgr.dev/$CUSTOMERNAME/node-fips:latest | jq -r .payload | base64 -d | jq .predicate

This example returns the following output:

{
  "buildDefinition": {
    "buildType": "https://chainguard.dev/buildtypes/apkoaas/v1",
    "externalParameters": {
      "image-configuration": {
        "accounts": {
          "groups": [
            {
              "gid": 65532,
              "groupname": "nonroot"
            }
          ],
          "run-as": "0",
          "users": [
            {
              "gid": 65532,
              "homedir": "/home/nonroot",
              "uid": 65532,
              "username": "nonroot"
            }
          ]
        },
        "annotations": {
          "dev.chainguard.package.main": "bash",
          "org.opencontainers.image.authors": "Chainguard Team https://www.chainguard.dev/",
          "org.opencontainers.image.base.digest": "sha256:fbc73f29218d5f88f09a0b5593a6f8ad7ea521e6406a3d30fad211935fb6a6a7",
          "org.opencontainers.image.source": "https://github.com/chainguard-images/images-private/tree/main/images/bash",
          "org.opencontainers.image.url": "https://images.chainguard.dev/directory/image/bash/overview",
          "org.opencontainers.image.vendor": "Chainguard"
        },
        "archs": [
          "amd64"
        ],
        "contents": {
          "packages": [
            "bash=5.2.37-r33",
            "busybox=1.37.0-r46",
            "ca-certificates-bundle=20241121-r42",
            "chainguard-baselayout=20230214-r13",
            "curl=8.14.1-r2",
            "cyrus-sasl=2.1.28-r42",
            "gdbm=1.25-r2",
            "glibc-locale-posix=2.41-r50",
            "glibc=2.41-r50",
            "heimdal-libs=7.8.0-r41",
            "keyutils-libs=1.6.3-r35",
            "krb5-conf=1.0-r6",
            "krb5-libs=1.21.3-r42",
            "ld-linux=2.41-r50",
            "libbrotlicommon1=1.1.0-r5",
            "libbrotlidec1=1.1.0-r5",
            "libcom_err=1.47.2-r22",
            "libcrypt1=2.41-r50",
            "libcrypto3=3.5.0-r3",
            "libcurl-openssl4=8.14.1-r2",
            "libgcc=15.1.0-r1",
            "libidn2=2.3.8-r2",
            "libldap=2.6.10-r2",
            "libnghttp2-14=1.66.0-r0",
            "libpsl=0.21.5-r5",
            "libssl3=3.5.0-r3",
            "libunistring=1.3-r3",
            "libverto=0.3.2-r5",
            "libxcrypt=4.4.38-r2",
            "ncurses-terminfo-base=6.5_p20241228-r3",
            "ncurses=6.5_p20241228-r3",
            "readline=8.2.13-r5",
            "sqlite-libs=3.50.1-r0",
            "wolfi-baselayout=20230201-r21",
            "zlib=1.3.1-r50"
          ],
          "repositories": [
            "https://apk.cgr.dev/f69ce42a381de40f0f386e5633b145e40ef84de3"
          ]
        },
        "entrypoint": {
          "command": "/bin/bash -c"
        },
        "layering": {
          "budget": 10,
          "strategy": "origin"
        }
      }
    },
    "internalParameters": {
      "cloud": {
        "instanceId": "0069c7a98814814175f936ea53c1d4106d910363a23ae2c7e1a8caae21b5c3a0e95ff40d47fcba2fa188ee3fef00c860323d445a8e89c2f864fc5bf5525d6c87f9fb6ea7caf33008b353bb7f0f74b095dc1d769c5dcf15",
        "region": "projects/554579655540/regions/us-central1",
        "type": "gcp"
      }
    }
  },
  "runDetails": {
    "builder": {
      "id": "https://chainguard.dev/prod/builders/apkoaas/v1",
      "version": {
        "apko": "v0.27.9",
        "apkoaas": "16913c6fa81a3c5448ae25068359c040dcb50a73"
      }
    },
    "metadata": {
      "finishedOn": "2025-06-24T08:00:45.200379604Z",
      "startedOn": "2025-06-24T08:00:42.738341658Z"
    }
  }
}
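The following Python script is an added example, not Chainguard tooling or code from this page. It reproduces what the `jq -r .payload | base64 -d | jq .predicate` steps above do on a constructed DSSE envelope (the statement, subject digest and placeholder signature are constructed), and then applies a few policy checks to the SLSA v1 predicate: a builder id and buildType allow-list, a package repository prefix, pinned package versions, and sane build timestamps. The allow-list values are assumptions taken from the sample output; use your own. Keep in mind that `cosign download attestation` only fetches the envelope and does not verify its signature; that is what `cosign verify-attestation` is for, so a check like this belongs after a successful verification, not instead of one.

```python
import base64
import json
from datetime import datetime, timezone

# Constructed sample: an in-toto statement carrying a SLSA v1 predicate in the
# shape shown on this page, wrapped in a DSSE envelope the way cosign returns it.
# The subject digest and signature are placeholders; nothing here verifies them.
_SAMPLE_PREDICATE = {
    "buildDefinition": {
        "buildType": "https://chainguard.dev/buildtypes/apkoaas/v1",
        "externalParameters": {
            "image-configuration": {
                "contents": {
                    "packages": ["bash=5.2.37-r33", "glibc=2.41-r50"],
                    "repositories": [
                        "https://apk.cgr.dev/f69ce42a381de40f0f386e5633b145e40ef84de3"
                    ],
                },
            }
        },
    },
    "runDetails": {
        "builder": {"id": "https://chainguard.dev/prod/builders/apkoaas/v1"},
        "metadata": {
            "startedOn": "2025-06-24T08:00:42.738341658Z",
            "finishedOn": "2025-06-24T08:00:45.200379604Z",
        },
    },
}
_SAMPLE_STATEMENT = {
    "_type": "https://in-toto.io/Statement/v1",
    "subject": [{"name": "cgr.dev/CUSTOMERNAME/node-fips", "digest": {"sha256": "0" * 64}}],
    "predicateType": "https://slsa.dev/provenance/v1",
    "predicate": _SAMPLE_PREDICATE,
}
SAMPLE_ENVELOPE = json.dumps({
    "payloadType": "application/vnd.in-toto+json",
    "payload": base64.b64encode(json.dumps(_SAMPLE_STATEMENT).encode()).decode(),
    "signatures": [{"keyid": "", "sig": "PLACEHOLDER-NOT-A-REAL-SIGNATURE"}],
})

# Policy values (hypothetical allow-list; take them from your own policy).
TRUSTED_BUILDERS = {"https://chainguard.dev/prod/builders/apkoaas/v1"}
TRUSTED_BUILD_TYPES = {"https://chainguard.dev/buildtypes/apkoaas/v1"}
TRUSTED_REPO_PREFIX = "https://apk.cgr.dev/"


def extract_predicate(envelope_json: str) -> dict:
    """Equivalent of `jq -r .payload | base64 -d | jq .predicate` on a DSSE envelope."""
    envelope = json.loads(envelope_json)
    statement = json.loads(base64.b64decode(envelope["payload"]))
    if statement.get("predicateType") != "https://slsa.dev/provenance/v1":
        raise ValueError(f"unexpected predicateType {statement.get('predicateType')!r}")
    return statement["predicate"]


def _parse_rfc3339(ts: str) -> datetime:
    """Parse the nanosecond-precision UTC timestamps seen in runDetails.metadata."""
    if not ts.endswith("Z"):
        raise ValueError(f"expected a UTC timestamp, got {ts!r}")
    base, _, frac = ts[:-1].partition(".")
    micro = int((frac + "000000")[:6]) if frac else 0  # truncate ns to us
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(
        microsecond=micro, tzinfo=timezone.utc)


def check_provenance(predicate: dict) -> list[str]:
    """Return policy findings for a SLSA v1 predicate; an empty list means it passes."""
    findings = []
    build_def = predicate.get("buildDefinition", {})
    run = predicate.get("runDetails", {})

    builder_id = run.get("builder", {}).get("id")
    if builder_id not in TRUSTED_BUILDERS:
        findings.append(f"untrusted builder id {builder_id!r}")
    build_type = build_def.get("buildType")
    if build_type not in TRUSTED_BUILD_TYPES:
        findings.append(f"unexpected buildType {build_type!r}")

    contents = (build_def.get("externalParameters", {})
                .get("image-configuration", {}).get("contents", {}))
    for repo in contents.get("repositories", []):
        if not repo.startswith(TRUSTED_REPO_PREFIX):
            findings.append(f"package repository outside allow-list: {repo}")
    for pkg in contents.get("packages", []):
        if "=" not in pkg:  # every package is expected to be pinned as name=version
            findings.append(f"unpinned package {pkg!r}")

    meta = run.get("metadata", {})
    try:
        if _parse_rfc3339(meta["finishedOn"]) < _parse_rfc3339(meta["startedOn"]):
            findings.append("finishedOn precedes startedOn")
    except (KeyError, ValueError) as exc:
        findings.append(f"bad build timestamps: {exc}")
    return findings


if __name__ == "__main__":
    for line in check_provenance(extract_predicate(SAMPLE_ENVELOPE)) or ["provenance passes policy"]:
        print(line)
```

To run it against a real image, pipe the output of `cosign download attestation` (one DSSE envelope per line) into `extract_predicate` after verifying the envelope, and replace the allow-list constants with the builder ids and repositories your organization accepts.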

Last updated: 2025-07-23 01:24