Hi, thanks for looking - I would prefer more info on your setup, but this is similar to using any container image. Currently all the tags are latest, and if you have that set up you would pick that up from this repo, and I'm pretty sure this can be automated.
Thanks! But these are builder images, not the final runtime. Chisel only really makes sense after the binary is built and you know what it needs at runtime. Before that you are pulling in whole packages, which is why things like ncurses might show up, similar to Chainguard's image. For a builder, it is just SBOM noise and not something the app ever executes. It's hard to identify what you need before running the application, and you can always find a library you don't need.
The “only your app should be executable” idea works for fully static binaries, but once you use glibc or CGO you already have other executables.
Thanks for looking into this! I agree with you, and hence I'm also relying on Wolfi packages, which will ensure they are updated as soon as upstream is available, so I'm piggybacking on that. GitHub Actions run daily/weekly based on the cadence and, once the pipeline is set up, do not require a significant effort imo. And I want it to be community driven so we can add images as and when people want it and build it accordingly. Chainguard tools surely help with this! I aim to show that companies can try and build internal pipelines like this for all images in their repository.
Isn't this mostly the same thing that Chainguard already provides themselves? E.g. the "Free" images on their page [0] have a big overlap with the toolchains from your repo.
Some images do overlap, yes, but they are some of the most popular ones used and I wanted to demonstrate how they can be built as well. Half of them are only available through paid versions. I will be adding new images on a regular basis, based on usage and impact.
> Some images do overlap, yes, but they are some of the most popular ones used and I wanted to demonstrate how they can be built as well. Half of them are only available through paid versions. I will be adding new images on a regular basis, based on usage and impact.
This looks really good. Good luck for your project!
Also a quick question, but when you mention Minimal being well.. Minimal? How much more minimal would it be compared to, say, Alpine?
Also maybe I should stop saying so many times minimal in this comment haha!
I think it depends on your use case; an image can be as small as default static, but if you need more, we need to add packages. Minimal images make sure we do that with the least attack surface.
Ah, nice! I also just tried to look up how the official Chainguard images are built, and while they are open source they are less straightforward to follow.
I was looking into how to create a more secure container image and this looks like a great resource! :)
Presenting doccopy for anyone playing around with containers. This tool creates a new container which is a clone/duplicate of the input container. It can be useful for anyone trying to run multiple containers to perform a task and instead use this.