Google last week announced the general availability of ‘rules_oci’, an open source Bazel plugin for building container images.
Bazel improves supply chain trust by using dependencies’ integrity hashes. Google uses this build and test tool for creating Distroless base images for Docker.
Distroless images too are meant to improve supply chain security, as they are minimal base images that include only what is necessary for applications to run.
“Using minimal base images reduces the burden of managing risks associated with security vulnerabilities, licensing, and governance issues in the supply chain for building applications,” Google explains.
According to the internet giant, rules_oci, the new ruleset that replaces rules_docker, which was previously used for building container images, provides numerous improvements, including features related to security.
The new plugin can use trusted third-party toolchains, does not require running a docker daemon already on the machine, and does not include language-specific rules.
It also allows for the transparent use of private registries, and provides users with a software bill of materials (SBOM), so they can verify the source of dependencies.
The plugin also supports native signing of images, native support for oci indexes (multi-platform images), improved caching and fetching, and a signed attestation for Distroless images, which includes SBOMs.
“In the end, rules_oci allowed us to modernize the Distroless build while also adding necessary supply chain security metadata to allow organizations to make better decisions about the images they consume,” Google notes.
On Friday, the internet giant announced that version 1.0 of rules_oci is now generally available, accompanied by a guide to help organizations migrate from rules_docker to the new ruleset.
Related: Google Launches New Cybersecurity Analyst Training Program
Related: ATT&CK v9 Introduces Containers, Google Workspace
Related: Google Blocked 1.4 Million Bad Apps From Google Play in 2022
More from Ionut Arghire
- Information of 2.5M People Stolen in Ransomware Attack at Massachusetts Health Insurer
- US, South Korea Detail North Korea’s Social Engineering Techniques
- High-Severity Vulnerabilities Patched in Splunk Enterprise
- Enzo Biochem Ransomware Attack Exposes Information of 2.5M Individuals
- Google Temporarily Offering $180,000 for Full Chain Chrome Exploit
- Toyota Discloses New Data Breach Involving Vehicle, Customer Information
- Adobe Inviting Researchers to Private Bug Bounty Program
- Critical Vulnerabilities Found in Faronics Education Software
Latest News
- Insider Q&A: Artificial Intelligence and Cybersecurity In Military Tech
- In Other News: Government Use of Spyware, New Industrial Security Tools, Japan Router Hack
- OpenAI Unveils Million-Dollar Cybersecurity Grant Program
- Galvanick Banks $10 Million for Industrial XDR Technology
- Information of 2.5M People Stolen in Ransomware Attack at Massachusetts Health Insurer
- US, South Korea Detail North Korea’s Social Engineering Techniques
- High-Severity Vulnerabilities Patched in Splunk Enterprise
- Idaho Hospitals Working to Resume Full Operations After Cyberattack
