Sbom

This CNPG Recipe explores the latest enhancements to CloudNativePG’s software supply chain and image management. Learn how our new, fully controlled build process—complete with Snyk scanning, image signing, and SBOMs—delivers smaller, more secure PostgreSQL images. We also detail how to leverage the newly streamlined image catalogs for simplified, declarative cluster management and safer fleet-wide upgrades in Kubernetes.

Managing extensions is one of the biggest challenges in running PostgreSQL on Kubernetes. In this article, I explain why I believe CloudNativePG —now a CNCF Sandbox project—is on the verge of a breakthrough. Two important new features for both PostgreSQL and Kubernetes—the extension_control_path option and image volumes—will guarantee immutability to extension container images.