Hey everyone! I'm on the hunt for more affordable (or preferably free) alternatives to Chainguard images that are rebuilt weekly with the latest patches. The costs are really adding up, and my manager is getting anxious about the invoices. I'm specifically looking for tiny base images that manage to stay mostly CVE-free without breaking the bank. What have you all been using?
3 Answers
Mixing distroless images or Alpine with an automated rebuild pipeline could really save you some cash compared to Chainguard while still reducing most CVEs. It's easier to set up than you might think!
You might want to check out Alpine or Debian slim images. They're free, pretty minimal, and you can set up automated rebuilds through CI/CD. If you do weekly rebuilds with vulnerability scans, they'll keep most CVEs at bay. Also, some users are turning to RapidFort or Minimus for community-driven, hardened base images.
Yeah, but I noticed no pricing info for RapidFort or Minimus. Have to reach out to them for accounts, which is a major hassle.
Hey, I actually work at Chainguard! We recently introduced catalog pricing, which some customers find more beneficial for their budgets. If you aren't on that yet, maybe have a chat with your rep to see if it could help you out!

Exactly! Building that pipeline isn’t tough at all. Check out this GitHub repo for distroless examples: https://github.com/GoogleContainerTools/distroless.
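
The weekly rebuild-and-scan pipeline the answers above describe, sketched as a GitHub Actions workflow. This is an added example, not something posted in the thread; the image name `ghcr.io/example-org/base-image` is a placeholder, and it assumes a Dockerfile at the repository root whose `FROM` line points at an Alpine, Debian slim or distroless base.

```yaml
# Added example: weekly rebuild of a small base image with a scan gate.
# The image name is a placeholder; a Dockerfile at the repo root is assumed.
name: weekly-base-rebuild

on:
  schedule:
    - cron: "0 4 * * 1"      # every Monday at 04:00 UTC
  workflow_dispatch: {}      # manual run when an urgent patch lands

permissions:
  contents: read
  packages: write            # needed to push to GHCR with GITHUB_TOKEN

env:
  IMAGE: ghcr.io/example-org/base-image   # placeholder

jobs:
  rebuild:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # --pull re-fetches the upstream base tag and --no-cache re-runs every
      # package install layer, so the build picks up patches released this week.
      - name: Build against the freshly pulled base
        run: docker build --pull --no-cache -t "$IMAGE:candidate" .

      # Fail the job on HIGH/CRITICAL findings that already have a fix available.
      - name: Scan the candidate image
        uses: aquasecurity/trivy-action@master   # pin to a reviewed release or commit SHA
        with:
          image-ref: ${{ env.IMAGE }}:candidate
          severity: HIGH,CRITICAL
          ignore-unfixed: true
          exit-code: "1"

      - name: Log in to the registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # Only reached when the scan passed; the dated tag gives a rollback point.
      - name: Tag and push
        run: |
          tag="$(date -u +%Y%m%d)"
          docker tag "$IMAGE:candidate" "$IMAGE:$tag"
          docker tag "$IMAGE:candidate" "$IMAGE:latest"
          docker push "$IMAGE:$tag"
          docker push "$IMAGE:latest"
```

Downstream services that reference the image by a floating tag still need their own rebuild or redeploy to pick up the new layers.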