Azul And ChainGuard Team Up
Written by Nikos Vaggalis   
Tuesday, 22 July 2025

...to secure Java container images that incorporate Azul’s build of OpenJDK.

This is not something new for Chainguard. As we examined back in July 2024 in Chainguard Images Now Come With JCK Certified Java:

Chainguard released OpenJDK Java images which are JCK conformant, adhering to the strict Java standard but also with a twist. The twist is that the images are minimalist and based on Wolfi Linux (Un)Distribution.

The JCK is of course the comprehensive test suite provided by Oracle that validates adherence to the Java specification. This conformance now applies to any Chainguard Image that contains the JDK and JRE latest builds for OpenJDK Java 21.0.3 and Java 22.0.1.

This is now repeated, but in this case by producing images built with Azul’s commercially supported build of OpenJDK that’s part of Azul Platform Core. This enables enterprises to continue to use and receive support for Azul for their Java runtimes which now are going to be based on Chainguard hardened containers.

Security wise this is a win-win situation since a container image doesn't depend only on the JDK; there's other components that might be responsible for cracks on the image's security.

Chainguard tries to alleviate those risks by producing containers that enforce sensible defaults:

  • build-time SBOM as standard for all packages
  • packages are designed to be granular and independent to support minimal images
  • uses the proven and reliable APK package format
  • enables fully declarative and reproducible build systems
  • supports glibc and musl

These defaults address the following issues arising from running containers:

  • Container images tend to lag behind upstream updates, resulting in users running images with known vulnerabilities
  • The common distros used in container images also lag behind upstream versions, resulting in users installing packages manually or outside of package managers
  • Container images typically contain more software than they need to, resulting in an unnecessarily increased attack surface
  • Many container images have no provenance information making it difficult to verify where they came from or if someone has tampered with them
  • They are typically not designed to meet compliance requirements or standards like SLSA

Azul has clearly seen that potential and by basing its JDK build on Chainguard's hardened images, aims to leverage all those benefits to provide more value to its customers.

azullogo

 

 

More Information

Improving Java Container Security with Chainguard and Azul 

Related Articles

Chainguard Images Now Come With JCK Certified Java 

 

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.

Banner

Robot Mall, A Bejing 4S Store
15/08/2025

A new robot shop has opened in Beijing to coincide with the World Robot Conference there. With over 100 products from 40 Chinese manufacturers, you can buy everything from mechanical butlers to human- [ ... ]


+ Full Story
Oxlint Rust Powered Linter Reaches 1.0
26/08/2025

The first stable version Oxlint, a Rust-powered linter developed as part of the Oxc toolchain, has been released. The new linter promises a 50 to 100 times performance improvement over ESLint along wi [ ... ]


+ Full Story
More News

pico book

 

Comments




or email your comment to: comments@i-programmer.info
Last Updated ( Wednesday, 23 July 2025 )