If I was a Chainguard customer I would be very worried that they seem to notknow how image scanners work.
If I was a security scanner company I would probably give Dan a call as well, as he is basically saying that you can make an image look like it has zero CVEs - just by changing its label - thats not how it works Dan.
And finally - changing the name of the distro is exactly how Chainguard is reducing their CVE count with their Wolfi distro...
If I was a security scanner company I would probably give Dan a call as well, as he is basically saying that you can make an image look like it has zero CVEs - just by changing its label - thats not how it works Dan.
And finally - changing the name of the distro is exactly how Chainguard is reducing their CVE count with their Wolfi distro...