Skip to content

Clarify GPOS SRG profile applies to both FIPS and non-FIPS images#3305

Merged
matthewhelmke merged 3 commits into
chainguard-dev:mainfrom
matthewhelmke:stigs-non-fips-validation
May 8, 2026
Merged

Clarify GPOS SRG profile applies to both FIPS and non-FIPS images#3305
matthewhelmke merged 3 commits into
chainguard-dev:mainfrom
matthewhelmke:stigs-non-fips-validation

Conversation

@matthewhelmke
Copy link
Copy Markdown
Collaborator

@matthewhelmke matthewhelmke commented May 8, 2026

Summary

  • Adds an explicit statement in the intro that the Chainguard GPOS SRG profile applies to all Chainguard Containers, including both FIPS and non-FIPS images
  • Clarifies in the Getting Started section that wolfi-base:latest is a non-FIPS example and any Chainguard Container can be substituted
  • Updates the Learn More section to open with a note that OpenSCAP validation works for both FIPS and non-FIPS images

No commands or technical content changed — this was purely a framing gap.

Closes https://github.com/chainguard-dev/internal/issues/5820

Test plan

  • Verify page renders correctly at /chainguard/chainguard-images/features/image-stigs/
  • Confirm the three new/updated callouts read clearly and don't conflict with existing content

🤖 Generated with Claude Code

matthewhelmke and others added 2 commits May 8, 2026 07:29
@matthewhelmke @claude
Update Artifactory packages pull-through guide to use Docker build se…
0f3af1c 
…crets

Replace hardcoded Artifactory tokens in /etc/apk/repositories with
Docker build secrets, preventing tokens from being stored in image layers
or build history. Resolves internal#5839.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@matthewhelmke @claude
Clarify that GPOS SRG profile applies to both FIPS and non-FIPS images
0b89b6f 
Addresses customer confusion around whether OpenSCAP/STIG validation
is limited to FIPS images. Adds explicit callouts in the intro, Getting
Started section, and Learn More section.

Closes chainguard-dev/internal#5820

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@matthewhelmke matthewhelmke requested a review from a team as a code owner May 8, 2026 13:09
@netlify
Copy link
Copy Markdown

netlify Bot commented May 8, 2026
edited
Loading

Deploy Preview for ornate-narwhal-088216 ready!

Name Link
🔨 Latest commit e218bfe
🔍 Latest deploy log https://app.netlify.com/projects/ornate-narwhal-088216/deploys/69fde1a59bec1e000862d38e
😎 Deploy Preview https://deploy-preview-3305--ornate-narwhal-088216.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@matthewhelmke matthewhelmke self-assigned this May 8, 2026
@matthewhelmke @claude
Revert accidental inclusion of Artifactory pull-through change
e218bfe 
This commit restores the Artifactory packages pull-through guide to its
state on main. The Docker build secrets update was merged separately in
the previous PR and should not be part of this branch.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@matthewhelmke matthewhelmke merged commit d845300 into chainguard-dev:main May 8, 2026
8 checks passed
@matthewhelmke matthewhelmke deleted the stigs-non-fips-validation branch May 8, 2026 13:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@s-stumbo s-stumbo s-stumbo approved these changes

Assignees

@matthewhelmke matthewhelmke

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@matthewhelmke @s-stumbo