From b138d8ca4cd4b4fc0a07e9c7ae61730cea19abc0 Mon Sep 17 00:00:00 2001 From: David Kilfoyle <41695641+kilfoyle@users.noreply.github.com> Date: Fri, 10 Jan 2025 11:19:00 -0500 Subject: [PATCH] Add description of Wolfi container install image (#42268) --- libbeat/docs/shared-beats-attributes.asciidoc | 1 + libbeat/docs/shared-docker.asciidoc | 10 ++++++++++ 2 files changed, 11 insertions(+) diff --git a/libbeat/docs/shared-beats-attributes.asciidoc b/libbeat/docs/shared-beats-attributes.asciidoc index 7b04a7e87cca..6d523594ae78 100644 --- a/libbeat/docs/shared-beats-attributes.asciidoc +++ b/libbeat/docs/shared-beats-attributes.asciidoc @@ -2,6 +2,7 @@ :beats-ref-all: https://www.elastic.co/guide/en/beats/libbeat :dashboards: https://artifacts.elastic.co/downloads/beats/beats-dashboards/beats-dashboards-{version}.zip :dockerimage: docker.elastic.co/beats/{beatname_lc}:{version} +:dockerimage-wolfi: docker.elastic.co/beats/{beatname_lc}-wolfi:{version} :dockerconfig: https://raw.githubusercontent.com/elastic/beats/{branch}/deploy/docker/{beatname_lc}.docker.yml :downloads: https://artifacts.elastic.co/downloads/beats :libbeat-processors-dir: {beats-root}/libbeat/processors diff --git a/libbeat/docs/shared-docker.asciidoc b/libbeat/docs/shared-docker.asciidoc index 1c62313bed07..b0cb273ccc03 100644 --- a/libbeat/docs/shared-docker.asciidoc +++ b/libbeat/docs/shared-docker.asciidoc @@ -35,6 +35,16 @@ https://www.docker.elastic.co[www.docker.elastic.co]. ifndef::apm-server[] +As another option, you can use the hardened link:https://wolfi.dev/[Wolfi] image. +Using Wolfi images requires Docker version 20.10.10 or higher. +For details about why the Wolfi images have been introduced, refer to our article +link:https://www.elastic.co/blog/reducing-cves-in-elastic-container-images[Reducing CVEs in Elastic container images]. + +[source,terminal,subs="attributes"] +---- +docker pull {dockerimage-wolfi} +---- + ==== Optional: Verify the image You can use the https://docs.sigstore.dev/cosign/installation/[Cosign application] to verify the {beatname_uc} Docker image signature.