Snyk ❤️ Chainguard, OpenTofy, Taskfile
News #3: Snyk container supports Wolfi and Chainguard Images, OpenTofu: A New Open Source Alternative to Terraform, Task plans to support remote taskfiles
Snyk container now supports Wolfi and Chainguard images
In a previous article Shrink to Secure: Kubernetes and Compact Containers, I have already discussed at length how tiny containers are secure by default because they reduce the attack surface for possible container vulnerabilities.
In the same article, I have introduced both the company Chainguard and their new container base image called Wolfi. Chainguard is not just Wolfi. They also create distroless versions of popular application images. A full list of chainguard images can be found in their catalogue.
I have also introduced, some of the security tools that I use on a daily basis to scan for container vulnerabilities. Snyk container is another one of those, similar to Docker scout or Aqua Trivy.
You can use the Snyk container command to scan for container vulnerability of many operating system base images. Including now any base image from Chainguard and Wolfi-based images.
The news about the support for Chainguard Images and Wolfi was released by Snyk at Snyk container enhancements.
OpenTofu: A New Open Source Alternative to Terraform
In a previous article named Hashicorp's open-source exodus: Redefining DevOps in a Closed-Source Era, I have already discussed how the move by Hashicorp from an open-source license to the Business Source License gave birth to a new open-source Terraform fork called OpenTF.
On September 20, 2023, the Linux Foundation, home of many famous open-source projects, announced support for OpenTF by renaming the project OpenTofu and giving it a new home.
Aside from the name change, this is massive news. Being supported by the Linux Foundation might give a fighting chance to this project.
While I am optimistic about this news, I still think that I will personally invest my time in more developer-friendly solutions like Pulumi or Crossplane as I have already discussed in the same article.
One more reason to invest in Pulumi is that Pulumi supports Cuelang.
I have written about Cuelang as an alternative to YAML in my article named CueLang: A Better Alternative for Kubernetes manifests.
Task plans to support remote Taskfiles
Task, the task runner written in Golang that I have introduced in my article a modern alternative to Makefile, has recently started working on some experimental features, behind feature flags, called Experiments.
One of those Experiments is called Remote Taskfiles and it would allow to specify the URL of a remote Taskfile to include as it was a local file. This feature would make it easier to create libraries of Taskfiles, that you can keep in separate different Git repositories but then reference without copying them around.
This feature is something that I have been personally waiting for a while now, so I hope that it will go GA soon.
More on this topic can be found in the official Taskfile issue.
Disclaimer: Those Experiments might introduce breaking changes and so they are only intended for testing and feedback only.