Wolfi: A community Linux OS designed for the conta...

[SamuelAdams]

I’ve worked in a few industries that were crazy about compliance. Do you have any certifications for different compliances? Ie FedRamp, IL4/5/6, HIIPA, etc.

I don’t think any other container images are strictly compliant with these standards - they’re not certified, but the technology stack (ECS, EKS, etc) is certified. Either way, if you can get this certified with different compliance platforms that would be a big selling point for B2B customers.

[dlor]

We're working on FIPS builds and will self-attest to the NIST SSDF stuff later this fall, but there aren't too many other requirements that directly apply to our images.

The images are very useful for other organizations working on FedRAMP or HIPAA though, even though we don't need to have those ourselves. We wrote a bit more about that here: https://www.chainguard.dev/unchained/fortify-comply-and-conq...