This repository provides resources intended for software engineers that work on vulnerability scanners, in order to help them correctly implement support for Chainguard Images and the Wolfi (un)distribution.

If you're unfamiliar with Chainguard Images, Wolfi, or the security data published by Chainguard, take a quick read through Foundational Concepts.

Next, to learn how to implement support for Chainguard Images and Wolfi in your vulnerability scanner, look at Scanning Implementation.

Finally, when you're ready to verify that your scanner produces the correct results for a given scan target, look at Verifying Scan Results.

Important: In order to officially support Chainguard Images and Wolfi, your scanner must meet the criteria defined in Verifying Scan Results.