I'm not affiliated with this company at all, but I'm curious what others think.

My understanding is that Chainguard offers Docker base images (Chainguard Images) that contain just what's necessary to run the binary (commonly referred to as distroless images). This is in contrast to "regular" Docker images that contain an entire Linux distro baked into the image.

By reducing what's included in the image, it becomes far easier to basically generate an SBOM (software bill of materials, i.e. list of all the software in the image) and "prove" that there are no known vulnerabilities in the stack. (I think this "proving" is what the Chainguard Enforce product does.)

- Is this overkill for startups, and something that companies will only consider if it's required for something like SOC2?
- Is this a role that a company should fill, or should these distroless images be more community driven?
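As an added illustration of the distroless pattern the post describes (this is example code, not Chainguard's or the poster's), here is a multi-stage Dockerfile that compiles a Go service in a full build image and then copies only the static binary into `cgr.dev/chainguard/static`, a Chainguard base that ships no shell or package manager. The Go version, module layout (`./cmd/app`) and the non-root UID 65532 are assumptions for the example; the point is that the runtime layer holds the binary plus the few files the base provides (CA certificates, tzdata), so an SBOM of the final image lists almost nothing beyond your own code.

```dockerfile
# syntax=docker/dockerfile:1

# Stage 1: build in a full image. The Go toolchain, git, libc, etc. live here
# and never reach the runtime image. (Go version and module path are assumed.)
FROM golang:1.22 AS build
WORKDIR /src
COPY go.mod go.sum ./
RUN go mod download
COPY . .
# CGO_ENABLED=0 yields a fully static binary, so the runtime image needs no libc.
RUN CGO_ENABLED=0 GOOS=linux go build -trimpath -ldflags="-s -w" -o /out/app ./cmd/app

# Stage 2: distroless runtime. No shell, no package manager, no interpreter,
# which removes most of what a vulnerability scanner would otherwise flag.
FROM cgr.dev/chainguard/static:latest
COPY --from=build /out/app /app
# Run as an unprivileged user (UID chosen for the example).
USER 65532:65532
ENTRYPOINT ["/app"]
```

With the image built, `syft <image> -o spdx-json` produces the SBOM and `grype <image>` matches it against known CVEs; on a distroless base the package list is short enough that a clean scan is a meaningful statement rather than a scan of an entire distro you never execute. The trade-off is operational: there is no shell to `docker exec` into, so debugging relies on logs, ephemeral debug containers, or a separate `-dev` variant of the base.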