Describe the state of OSS security in a phrase 🤗
Pinned Tweet
Chainguard ⛓️’s Tweets
Looking for new container tools to try out during the weekend.
Let's start learning the open-source container toolkit developed by to build Wolfi, the first Linux un-distro created specifically for the Cloud Native Era with ⭐️
4
12
Software Dark Matter is the Enemy of Software Transparency: chainguard.dev/unchained/soft
If you want some real-world examples of things missed by scanners, try your scanner on the busybox, node, or wordpress images.
Most scanners miss the primary app (busybox, node and wordpress).
7
18
I will not miss this webinar on #DORA and supply chain security with and suggest you don't either: leap.jfrog.com/WNP-Cloud-2022
2
9
Check out my #kubecon2022 talk with from on how we are using to secure our packages with the help of here at !
10
25
Want to learn more about Wolfi? Register for free for the Wolfi 101 session happening next week!
6
19
Welp, we all learned how much chaos typosquatting can cause 🫣
2
3
24
14
1
33
“In short, it’s time for open source software security advocates and the lawyers to see each other as allies.”
Interesting and thoughtful piece on securing open source software, policy, legal liability & more by & ’s
Quote Tweet
The recent introduction of the Securing Open Source Software Act has stoked a debate about the true reason for the open source security problem and the merits of different solutions.
From @ChinmayiSharma, John Speed Meyers, and James Howison: lawfareblog.com/securing-open-
3
5
Out now!
Strauss Center Scholar in Residence co-authored a piece with John Speed Meyers of & James Howison of the on the Securing Open Source Software Act (SOSSA).
Give it a read: bit.ly/LawfareSOSSA
4
9
Wolfi is magic. I just tried out the upcoming docker image vs. the official bazel image.
Wolfi: 492MB, 0 CVEs
Official bazel image: 1.6GB, 437 CVEs
3
20
67
The recent introduction of the Securing Open Source Software Act has stoked a debate about the true reason for the open source security problem and the merits of different solutions.
From , John Speed Meyers, and James Howison:
7
13
🚨Your software supply chain likely requires a complex investigation when a critical CVE comes along.
⚡️That's why we make software supply chains secure by default - BUILT IN, not BOLTED ON!
Want to learn more? Come find us at
🎤🫳 #CyberwarCON
1
3
13
CYBERWARCON is coming, and it would not be coming but for our amazing sponsors! Thank you Flare Systems and AESIR!
15
56
The November update is out! blog.sigstore.dev/sigstore-novem
Updates include:
* SigstoreCon and community awards
* Ongoing adoption in the #python ecosystem!
* New end-user case studies!
* Project releases and milestones!
7
9
Software Dark Matter is the Enemy of Software Transparency
chainguard.dev/unchained/soft
You only master what you know! team released another really critical tool helping to track #software dark matter, #resources not tracked by OS package managers, so unpatchable.
🙏
7
8
Wow! 70% of customers are demanding containers with zero vulnerabilities!
thenewstack.io/container-secu
If you're looking for help, please reach out to us at ! This is actually possible, and easy with our tooling :)
4
8
34
Working on software supply chain security?
Don't miss the latest research & analysis on software dark matter from , , , & Zack Newman:
chainguard.dev/unchained/soft via
1
10
19
It's finally here!
"Sigstore: Software Signing for Everybody" was published in the SIGSAC yesterday by Zack Newman and !
4
22
39
The holidays are coming up, and you're probably struggling to find a gift for that special CISO in your life.
Look no further! I found the perfect gift:
3
5
39
What will be the future of Twitter? 🤔
- This too shall pass!34.1%
- Closing my account now!7.7%
- Not sure, riding it out!58.2%
91 votesFinal results
3
4
Join me next week for a live session about Wolfi and the amazing tools used to build it!
November 16th, 4pm UTC / 6pm CEST / 11am ET.
You can register for free at this link (limited seats): crowdcast.io/c/wolfi-101
read image description
ALT
9
13
been working on the longer term product plans here and i am so stoked about what's to come!
4
2
27
current state 🤕
3
1
26
Join live as she talks about Wolfi and creating more secure container images and goodies from by Nov 16th.
Limited seats, so you need to get a seat quick.
10
20
when your security tools are bolted on, not built in 🐦🪶
0:07
666 views
1
3
26
Tired of being in a party and not knowing how to explain Kubernetes to all of your friends?
We'll break it all down for you from the beginning
⏰ This Wed at 12pm EST
twitter.com/i/spaces/1djxX
5
27
158
Tools like 's apko and melange create SBOMs right at build time. This grants them full visibility of all components interacting in a build process, thus generating an accurate SBOM that scanners can rely on.
1
4
8
Show this thread
Another Saturday, another 🎣 attempt:
Sounds promising…how should we respond to Ms. Kane?! 🤔
8
1
11
Powered by github.com/chainguard-dev! is very promising and easy to use. Want to see more use-cases with this.
1
1
4
I am hiring a product designer. Please ping me if you're interested.
17
68
85
On November 16, join me and for a live presentation about Wolfi and our work around creating more secure container images 😊 seats are limited, so please register in this link:
3
13
22
Quote Tweet
osquery-defense-kit
Production-ready detection & response queries for @osquery
The detections are formulated to return 0 rows during normal expected behavior, so you can configure them to generate alerts when rows are returned
By @chainguard_dev
github.com/chainguard-dev1
4
13
🛡️ osquery-defense-kit
Production-ready detection & response queries for
The detections are formulated to return 0 rows during normal expected behavior, so you can configure them to generate alerts when rows are returned
By
1
10
29
Suggested Read: GitHub - chainguard-images/go: Lightweight container image for building Go applications github.com/chainguard-ima #devopsish
4
15
1
1
40