Significantly reduce CVEs in Elastic container images by switching to using Chainguard minimal base images in our Elastic products and optimizing our workflows for a scalable vulnerability management program.

Software supply chain attacks are accelerating. Elastic introduced a new capability of signing the Elastic Stack container images with Sigstore to help verify the provenance before deploying them, and therefore, protect against supply chain attacks.

Elastic now provide SHA-512 checksum files for all Elastic Stack released artifacts since 5.6.2. No more SHA-1 checksum files will be produced starting with 6.0.0.