What's the process to add new images?
I assume this is limited to CVEs in the underlying layers, and adding in the latest of the primary package. Given that, how/are you testing the images after you fix the CVEs?
How does this compare with something like IronBank? Looks like that could be a great partnership!
> New SecureBuilds are created whenever upstream CVEs are available, with a 6-day SLA for critical vulnerabilities.
Aren't most SecOps pushing 48 hours as the absolute limit for critical vulns, or are ours just being extra pushy?
Thanks for sharing. What's the onboarding process look like? If I'm maintaining my own Dockerfiles today, do you or I evaluate and port those to SecureBuild/Wolfi?
This looks cool - your homepage video should open with what it is though!
The intersection of entities whose security is based around "responding to every CVE quickly" and the entities that care about supporting OSS projects has measure zero.