Chainguard Images Now Come With JCK Certified Java
Written by Nikos Vaggalis   
Thursday, 25 July 2024

Chainguard has released OpenJDK Java images which are JCK conformant, adhering to the strict Java standard but also with a twist. The twist is that the images are minimalist and based on Wolfi Linux (Un)Distribution. What's the deal with that?

chainguard

Wolfi is a community Linux (un)distribution that is built with security measures necessary for securing the software supply chain such as signing and sensible defaults. The defaults that it enforces on container images are:

  • build-time SBOM as standard for all packages

  • packages are designed to be granular and independent to support minimal images

  • uses the proven and reliable APK package format

  • enables fully declarative and reproducible build systems

  • supports glibc and musl

As far as the 'un' in (un)distribution goes, it means that Wolfi is not a full Linux distribution designed to run on bare metal. Instead it is a stripped-down version designed for the cloud era as it doesn't include a Linux kernel but relies on the environment, such as the container runtime, to provide it. This is so, so that dependencies are as much as possible minimized in order to reduce potential attack surfaces and to simplify actions such as auditing, updating and transferring images. Chainguard's ultimate aim is to eradicate CVEs from containers.

On top of that we now get JCK certified Java runtimes. The JCK is a comprehensive test suite provided by Oracle that validates adherence to the Java specification. This conformance now applies to any Chainguard Image that contains the JDK and JRE latest builds for OpenJDK Java 21.0.3 and Java 22.0.1.
JCK compliance ensures that Java applications will run consistently across different platforms and devices, and that they are compatible with other Java implementations.

This means that Chainguard's Java base images are fully compatible and conform to the rigorous standards set out for Java SE 21 and 22 for both compiler and runtime.
It's a scheme akin to Bellsoft adding CRaC enabled OpenJDKs in its Alpaquita containers, as we examined in "Liberica Alpaquita Containers Now Come With CRaC"

The Chainguard images are available on cgr.dev and can be pulled with:

for JRE

docker pull cgr.dev/chainguard/jre:latest

for JDK

docker pull cgr.dev/chainguard/jdk

To put it into practice, if you've written a simple Java class say HelloWolfi.java, to containerize it you would:

Following that, you can build the image:

docker build -t my-java-app .

and run it by referencing this tag, as in the following command:

docker run my-java-app

This way you get the best of two worlds; solid Java on secure containers. 

chainguard

More Information

JDK image

JRE image
 

Related Articles

Happy Birthday To Wolfi Linux Undistro

Liberica Alpaquita Containers Now Come With CRaC  

 

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.

Banner

Anthropic Launches Prompt Caching With Claude
19/08/2024

Anthropic has added Prompt Caching as a feature that it claims makes it more practical and cost-effective to use Claude's capabilities for complex, long-term projects that require consistent access to [ ... ]


+ Full Story
GitHub Reveals Regional Variation In AI Usage
21/08/2024

Almost all software developers in a survey covering the USA, India, Brazil and Germany have used AI tools, but company support varies by region. While the US companies shows strong support, with 88% o [ ... ]


+ Full Story
More News

kotlin book

 

Comments




or email your comment to: comments@i-programmer.info
Last Updated ( Thursday, 25 July 2024 )