Certified Official Images

Build and run containers with confidence.

Leverage on the secured images based on the leading tools to audit and analyze vulnerabilities. Increase exposure of flaws on zero thrust environments to ease the development lifecycle.

The Official Images are provided with an extense report of layers, exposures, enhancements and digital signatures to give you confidence to build over the Trusted Official Images from SIGHUP.


datacenter

Hardening

Linted and Secured images

Our base images are, reviewed extensively with state of the art security tools to ensure a cohesive and secure environment for your application.

And provide security fixes automatically!

Extensive Reporting

Detailled report on each image

Every single detail are exposed in a complete report to unuderstand where you're running you application. With full disclosure of vulnerabilities and linting errors that could lead you to future problems

Visibility

Complete Dockerfile and signatures

Each Trusted Base Image comes with the complete stack of layers in the report, so you can know what's going on in a single central point of trust. We know that security is not optional anymore, so you can check consistency with the digital signatures of our images.

What we do:

Upstream Base Image

Digest SHA collect

We retrieve and track changes on the trunk base image

Linting

Collect possible edgecases errors and attack vectors

Check Vulnerabilities

Collect all problematic packages and vulnerabilities

Hardening

Remove unneded packages and upgrade required ones

Reporting

Daily creation of a complete report with all the image layers, linting issues and the vulnerabilities involved in the image

Certify the image

What you do:

FROM <Base Image>

As complex as you want

Increase resilence and security even on multi-stage images to ensure reproductible builds

Add your application!

Setup and configure your application in the hardened base image

PUBLISH IT!
container-example