There’s been a massive push for supply chain security in the last few years: integrity protection, vulnerability management, and transparency. This push has left organizations struggling to secure their pipelines and manage vulnerabilities, especially when running in the cloud. Existing tooling doesn’t support supply chain security natively and requires users to bolt on critical features like signatures, provenance, and software bills of materials (SBOMs).
In this Help Net Security video, Dan Lorenc, CEO at Chainguard, talks about these challenges and how existing Linux distributions don’t have native support for supply chain security. Enter Wolfi – the first community Linux undistribution built with default security measures for the software supply chain.
With Wolfi, developers can start with a secure-by-default foundation that reduces time spent reviewing and mitigating security vulnerabilities and increases productivity.