วีดีโอ

Hey guys! Awesome video by the way. I put in an application for your IT Specialist opening! I love what you do, and would love a shot at joining the team! -Sam Greilick

this is so freaking cool

SO they are a company on top of Chainguard ?

The octopus as a symbol for stealthy attacks captures the essence of modern cybersecurity challenges. Kudos to the Chainguard team.

Hey great content. I got a question: I checked you github code: * Compile with: * gcc -D_FORTIFY_SOURCE=0 -fno-stack-protector fortify.c -o fortify * * Then try different values for FORTIFY_SOURCE and enabling stack protection. isn't -fno-stack-protector disables stack protection? shouldn't the flag be -fstack-protector ?

Thanks for the analysis! Just a quick off-topic question: I have a SafePal wallet with USDT, and I have the seed phrase. (alarm fetch churn bridge exercise tape speak race clerk couch crater letter). Could you explain how to move them to Binance?

Erika, are you from Brazil?

Video TOP!

Why not to have prepared ca-certificates bundle in secrets and mount it by known path? Why prefer to change versioned artefacts instead of using external updatable data?

It might be a "business secret" to Chainguard but worth asking 😜. Do you build everything from source then? Also what happens if a flux dependency, say one of the Go modules that it uses, has a vulnerability? Do you essentially rebuild everything yourselves, or is it something you'd have to wait for the flux maintainers to update? I always use Chainguard images where possible and love the work you're all doing over there!

I loved the lesson, but I'm in the process of creating a java zulu image using Melange and APKO

Linky! Inky has evolved!🐙

Hi! Is it possible send a apko created customized image to my docker hub?

Nice video Adrian, I'll take a look into incert, looks like it could be a useful tool!

Great demo of both kubectl and cdebug capabilities! I like how the consistency of your images makes the Chainguard's variant of the debugger image work nicely with the Chainguard's variant of Nginx. A couple of notes on cdebug: - Often, there is no need for `cd /proc/1/root` because cdebug tries to chroot the debugger's shell to /proc/1/root automatically - cdebug is not limited to Kubernetes - it also works with Docker (Desktop and CE) and even vanilla containerd 😉

We (Ok, Adrian) made a mistake in this video. We do keep old versions of APKs, so it's possible to build images from months or even longer ago without issue. To date we have never withdrawn an APK. We currently retain all of these package versions indefinitely (only servicing latest), but in the future we may age things out just to manage the size of the index

Awesome! Small drops of knowloedge are always welcome. Thanks for creating that and thanks for TH-cam recommending it, because I never heard of Chainguard before. Nice aquatic animal by the way :)

That's me! (cue Joey from Friends meme)

IMPORTANT! 13:39 pip install openai 😄And if you get the error "ModuleNotFoundError: No Module Named openai", install it in the interpreter path. If you don't know how to do that, search for the error on Stackoverflow to find the solution.

is there a writeup for this somewhere trying to use a different base image than wolfie so i am not sure how to replicate some of the commands.

PS does chainguard have cuda images? Any recommendations to making cuda baaed images safer

Thx helpful

For those that try out what is seen at 31:00 and also run into troubles: 1) the path to the yaml needs to be stated absolute (/work/apko.yaml) 2) If you, like me, need to add the musl libc "so:libc.musl-x86_64.so.1" (as printed out with apk info --depends <package>) to the package list, you will run into issues as apko tries to build a multi-arch image. You need to add "--arch x86_64" to the build command line!

Very helpful, thanks.

This Awsome, I wold like te se more things like this

Thanks Dan!

Talk starts at 9:28 :)

you guys need a Discord server.

Thanks for sharing, I hope more video shows build like this.

Great explanation and a must for reproducibility! Thanks! One question: How should you handle the multi arch issue with different digests in Dockerfile or docker-compose? Separate dockerfile of compose or can they be made conditional?

great video <3

super useful, learned great tips!

great video <3

Thanks for sharing how you work through the build process!

Instead of using YAML to define installed packages, it would be MUCH better to use a declarative language like what nix and guix use.

What are the benefits of using an 'undistro' over a webassembly runtime?

Inky is soo cute! 😍

insightful, thanks :)