This week, Chainguard unveiled Wolfi, a Linux OS distribution with fewer features aimed at enhancing software supply chain security.
The community Linux distribution, which can be found on GitHub, was developed especially for use with containers and cloud-native applications, and it supports Chainguard images, the company’s collection of curated distroless images. In order to be highly adaptable, Wolfi, which is named after the star-sucker pygmy octopus, the smallest known octopus, relies on the environment’s kernel rather than having its own. It also adds support for both glibc and musl.
The software supply chain security company claims that Wolfi uses the APK package format, delivers build-time software bills of material (SBOM) for all packages, and has a declarative and reproducible build system. Wolfi packages support minimal images and are granular and independent.