
Wolfi: The Linux Un(distro) Improving Cloud Software Supply Chain Turns One!

An interesting project that helps secure the software supply chain turns one!

Wolfi has turned one!

I am not talking about the world's smallest octopus, but a Linux distro taking inspiration from the little one.

It is a community-driven, container-focused Linux distribution designed to secure the software supply chain. The creators (Chainguard) call it an “Undistro”.

Wolfi aims to deal with the shortcomings of containers, primarily used to build and ship software.

Let's take a look at its journey so far, and what's in store for the future.


Wolfi: Project's Achievements 🐙


Since Wolfi began its journey last year, it has come a long way, with over 1,300 package configs housed in the Wolfi repo and over 18,000 packages in the Wolfi index.

60 contributors have been involved with this project, with more than 4,400 pull requests being merged into the Wolfi repo on GitHub over the past year.

They have also achieved a solid package update interval of less than 24 hours, 80 percent of the time on their GitHub projects, with support for vulnerability scanning tools such as Docker Scout, Snyk, Wiz, and more.

As Wolfi follows a rolling-release approach, it has also worked on delivering fixes for newly found CVEs quickly.

All of these achievements allowed them to pioneer some key technical innovations that include:

  • Building 64-bit ARM versions of all Wolfi packages.
  • Implementation of full-source bootstrapping for Go and Java.
  • Introduction of the Rustls TLS library for handling memory safety vulnerabilities.
  • A new project called 'wolfi-act' that lets Wolfi packages be used dynamically within GitHub Actions.

You may be wondering: what does the future entail?

Well, the folks behind Wolfi want to improve it as a community-driven project that can someday become the most trusted distro for containerized workloads. They hope that builders everywhere can make use of Wolfi's full potential to solve various problems.

Furthermore, they share a use case of Wolfi:

One clear use case of Wolfi in practice today is Chainguard Images–which is why we set out to build the project. Chainguard Images is just one of the solutions Wolfi has enabled and we encourage more users and the community to explore what's possible to build with Wolfi for years to come.

As per their press release, they also mention that full-source bootstrapping for Rust and other language ecosystems will be added in the near future.

💬 Have you used Wolfi before? How was your experience with it?
