CJChristian Johannseninbreakglass.hashnode.dev·4d ago · 7 min readThe question the Security Advisory dashboard can't answerUpdate — June 21, 2026 After publishing this, I kept hitting one edge case: the chainctl images advisories list approach means a round-trip per image, and for large registries (300+ repos) the paralle00
CJChristian Johannseninbreakglass.hashnode.dev·Apr 30 · 4 min readMinimizing Attack Surface in Container Images via Chrooted Runtime CompositionWith multi-stage Dockerfiles, commonly used for distroless container images, some interesting challenges arise in the process of building an image. Here is a typical example of a Dockerfile installing00
CJChristian Johannseninbreakglass.hashnode.dev·Apr 9 · 11 min readWhich of our Containers are Chainguard?The full implementation is on GitHub: cjohannsen81/container-os-discovery The question I kept getting It started as a reasonable ask. A security-conscious customer — one of many migrating their workl00
