Work in progress. A proof-of-concept for fully reproducible base images exists; the
catalog and signing chain are still in design. First images to launch:
postgres · redis · node.js · python.
Proposal · evaluation phase · June 2026
Pull every image. Verify the chain.
Hardened, Wolfi-derived base container images — designed to be
always free and always the latest version, with European sovereign roots and a full
signature chain. Each image will ship a reproducible build, a CycloneDX SBOM,
in-toto provenance and a cosign signature from an EU-resident key — so you
re-derive and match the digest rather than trust us.
Everything runs on a base image — and the base layer is the supply
chain's weakest, highest-blast-radius point.
EU institutions and businesses wanting to adopt sovereign open-source software hit a
wall: the container images they're handed can't pass security review — standard bases
(e.g. Debian) carry hundreds of open CVEs, with no reproducibility, provenance or
signing on the base layer, and a single flaw in a base component cascades into
every image built on it.
And there is no EU-rooted hardened alternative to turn to. That unmet need — a base
layer European institutions and businesses can actually trust and verify — is what Burgward offers.
Why Burgward
vs. existing hardened-image options
Hardened base images already exist — but every credible one is
US-rooted, so none can be the sovereign root of trust for European institutions and
businesses under the CLOUD Act. They are the upstream we build on and contribute back to, not a substitute.
Distroless (Google, US): generic infra; trust rests on Google's signature; build bootstrap not re-rooted.
Chainguard (US company, free + commercial): trust = the vendor's signature, not independent re-derivation; no EU signing chain.
Bitnami (Broadcom / VMware, US): hardened images, but the same jurisdiction and signature-trust limits.
Burgward (EU-rooted): built from source with our own keys; trust by independent re-derivation — rebuild and byte-match the digest, no vendor to believe; bootstrap re-rooted. Apache-2.0, contributed upstream to Wolfi.
Status
done vs planned · 2026-06-01
✓ Done so far
Reproducible-build proof-of-concept: a Wolfi-derived hardened base rebuilt byte-for-byte from source, with our own signing key — Apache-2.0 tools only, no vendor binary in the trust root.
Design & architecture of the catalog, signature chain and verifier.
Codeberg organisation (EU-hosted source).
○ Planned / in evaluation
The four first images — postgres, redis, node.js, python — built, signed and published (in evaluation).
The images.burgward.org registry and the sovereign-verify CLI.
EU-resident HSM signing key & the continuous-rebuild pipeline.
Component images for specific sovereign stacks; foundation governance.
Free at the root. Forever.
The base layer is what every container is built on top of. It should be a
commons — open, verifiable, and free —
not a layer you rent from a single foreign vendor. The intent: the images and their
machine-readable proofs will live here, openly, under a free license, maintained continuously.
The scope is deliberately narrow — base images and the proofs that travel with them:
recipes, SBOMs, in-toto provenance and cosign signatures. Reproducible, EU-rooted, free to
pull and modify.
Planned base: burgward-minimal — a glibc, distroless base
to be rebuilt from Wolfi source with our own EU keys. Component images for specific
sovereign stacks would follow. Versions shown are evaluation targets and may change.
Trust by re-derivation, not by signature alone. Planned model
A signature only says we built it. The intended model: because every image
will be built reproducibly from a declarative source recipe, anyone — you, an auditor, another
EU operator — can rebuild it and confirm the digest matches, bit for bit. The trust root is the
source and the build, not a vendor you have to believe. A planned sovereign-verify CLI would check
the whole chain offline, against a bundled trust anchor — for air-gapped networks too.
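What "trust by re-derivation" means in concrete terms, as an added example that is not the sovereign-verify CLI the page plans: rebuild the artifact from the recipe, hash it, and accept it only if the digest byte-matches the subject digest in the published in-toto/SLSA provenance statement. The statement and the "rebuilt" bytes below are constructed stand-ins, and the Codeberg repository URL is a placeholder; in practice you would hash the OCI image or layer you rebuilt yourself.

```python
"""Trust by re-derivation: a rebuilt artifact is accepted only if its digest
byte-matches the subject digest in the published in-toto/SLSA provenance.

Added example, not the sovereign-verify CLI the page plans. The provenance
statement and the "rebuilt" bytes are constructed; the Codeberg URL is a
placeholder, not a real repository.
"""
import hashlib
import hmac
import json

IN_TOTO_STATEMENT_V1 = "https://in-toto.io/Statement/v1"
SLSA_PROVENANCE_V1 = "https://slsa.dev/provenance/v1"
IMAGE_NAME = "images.burgward.org/burgward-minimal"

# Constructed stand-in for the bytes of the artifact you rebuilt yourself.
REBUILT_ARTIFACT = b"burgward-minimal: constructed stand-in for a rebuilt image layer\n"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed provenance statement, as a publisher would attach to the image.
# Its subject digest is derived from REBUILT_ARTIFACT so the happy path matches.
PUBLISHED_STATEMENT = json.dumps({
    "_type": IN_TOTO_STATEMENT_V1,
    "subject": [{"name": IMAGE_NAME, "digest": {"sha256": sha256_hex(REBUILT_ARTIFACT)}}],
    "predicateType": SLSA_PROVENANCE_V1,
    "predicate": {
        "buildDefinition": {
            "externalParameters": {
                # Placeholder source pin (constructed, not a real repository or commit).
                "source": {"uri": "git+https://codeberg.org/EXAMPLE-ORG/recipes",
                           "digest": {"gitCommit": "0" * 40}},
            }
        }
    },
})


class VerificationError(Exception):
    """Raised when the provenance is malformed or the rebuilt digest differs."""


def verify_rederivation(statement_json: str, rebuilt: bytes, expected_name: str) -> dict:
    """Check that `rebuilt` hashes to the digest the provenance claims for
    `expected_name`, and return the source pin so the recipe can be audited.

    A valid signature on the statement only tells you who published it; this
    comparison is what makes the published digest independently re-derived."""
    stmt = json.loads(statement_json)
    if stmt.get("_type") != IN_TOTO_STATEMENT_V1:
        raise VerificationError("not an in-toto v1 statement")
    if stmt.get("predicateType") != SLSA_PROVENANCE_V1:
        raise VerificationError(f"unexpected predicateType {stmt.get('predicateType')!r}")
    subjects = [s for s in stmt.get("subject", []) if s.get("name") == expected_name]
    if len(subjects) != 1:
        raise VerificationError(f"expected exactly one subject named {expected_name!r}")
    claimed = subjects[0].get("digest", {}).get("sha256", "").lower()
    if len(claimed) != 64 or any(c not in "0123456789abcdef" for c in claimed):
        raise VerificationError("subject digest is not a sha256 hex string")
    actual = sha256_hex(rebuilt)
    # Constant-time compare; a mismatch means the published image is not what
    # the recipe produces, whoever signed it.
    if not hmac.compare_digest(actual, claimed):
        raise VerificationError(f"digest mismatch: rebuilt {actual}, claimed {claimed}")
    source = stmt["predicate"]["buildDefinition"]["externalParameters"]["source"]
    return {"name": expected_name, "digest": actual,
            "source_uri": source["uri"], "commit": source["digest"]["gitCommit"]}


if __name__ == "__main__":
    print(verify_rederivation(PUBLISHED_STATEMENT, REBUILT_ARTIFACT, IMAGE_NAME))
    try:
        verify_rederivation(PUBLISHED_STATEMENT, REBUILT_ARTIFACT + b"tampered", IMAGE_NAME)
    except VerificationError as err:
        print("rejected:", err)
```

The signature check (cosign against the bundled trust anchor) is a separate, earlier step that establishes who published the statement; the digest comparison above is the step that does not depend on believing that publisher, and it runs fully offline because everything it needs is the statement plus your own rebuild.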
Designed to stay latest. Rebuilt continuously. Planned
Compliance decays with every CVE, so the commons is designed not to freeze. The plan: when a
vulnerability lands in a base component — the Dirty Pipe /
xz-backdoor class, whose blast radius
reaches every downstream image — the affected images are re-derived, re-attested and
republished. Always-latest as the default.
advisory → re-derive → rebuild from source → re-attest (SBOM · prov · sig) → republish → you re-verify
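The first step of that chain, deciding which images an advisory actually reaches, is what the shipped SBOMs make mechanical. The following is an added example, not Burgward's rebuild pipeline: it reads a CycloneDX SBOM per image, parses the package URLs, and lists the images whose pinned version of the affected base component falls inside the advisory's range, so exactly those get queued for re-derivation. The four SBOMs, the advisory (placeholder id) and every version number are constructed; the apk version ordering is a deliberate simplification of the real apk rules.

```python
"""Blast-radius triage for a base-component advisory: read the CycloneDX SBOM
published with each image and list the images whose pinned version falls in
the affected range, so they can be queued for re-derivation.

Added example, not Burgward's rebuild pipeline. The SBOMs, the advisory and
all version numbers are constructed; the advisory id is a placeholder.
"""
import json


def parse_purl(purl: str) -> dict:
    """Split a package URL such as pkg:apk/wolfi/xz@5.6.1-r0?arch=x86_64 into
    type, namespace, name and version (qualifiers and subpath are dropped)."""
    if not purl.startswith("pkg:"):
        raise ValueError(f"not a purl: {purl!r}")
    body = purl[len("pkg:"):].split("?", 1)[0].split("#", 1)[0]
    path, _, version = body.partition("@")
    parts = path.strip("/").split("/")
    if len(parts) < 2:
        raise ValueError(f"purl needs at least a type and a name: {purl!r}")
    return {"type": parts[0], "namespace": "/".join(parts[1:-1]),
            "name": parts[-1], "version": version}


def version_key(version: str) -> tuple:
    """Order apk-style versions like 5.6.1-r0. Simplification: dotted numeric
    parts compare as integers, non-numeric parts as 0, then the -rN release;
    real apk version comparison has more rules (suffixes such as _p, _rc)."""
    pkg, _, rel = version.partition("-r")
    nums = tuple(int(p) if p.isdigit() else 0 for p in pkg.split("."))
    return (nums, int(rel) if rel.isdigit() else 0)


def is_affected(version: str, introduced: str, fixed: str) -> bool:
    """introduced <= version < fixed, in apk-style ordering."""
    return version_key(introduced) <= version_key(version) < version_key(fixed)


def images_to_rederive(sboms: dict, advisory: dict) -> dict:
    """Map image name -> affected purl for every image whose CycloneDX SBOM
    (given as JSON text) pins an affected version of the advisory's component."""
    target = advisory["component"]
    wanted = (target["type"], target["namespace"], target["name"])
    hits = {}
    for image, bom_json in sboms.items():
        bom = json.loads(bom_json)
        if bom.get("bomFormat") != "CycloneDX":
            raise ValueError(f"{image}: not a CycloneDX SBOM")
        for comp in bom.get("components", []):
            purl = comp.get("purl")
            if not purl:
                continue  # components without a purl cannot be matched reliably
            p = parse_purl(purl)
            if (p["type"], p["namespace"], p["name"]) != wanted:
                continue
            if is_affected(p["version"], advisory["introduced"], advisory["fixed"]):
                hits[image] = purl
    return hits


def _bom(*purls: str) -> str:
    """Build a minimal constructed CycloneDX 1.5 SBOM (JSON text) from purls."""
    comps = [{"type": "library", "name": parse_purl(p)["name"],
              "version": parse_purl(p)["version"], "purl": p} for p in purls]
    return json.dumps({"bomFormat": "CycloneDX", "specVersion": "1.5", "components": comps})


# Constructed SBOMs for the four first images; versions are illustrative only.
SBOMS = {
    "postgres": _bom("pkg:apk/wolfi/glibc@2.39-r1", "pkg:apk/wolfi/xz@5.6.1-r0?arch=x86_64"),
    "redis":    _bom("pkg:apk/wolfi/glibc@2.39-r1", "pkg:apk/wolfi/xz@5.4.6-r0"),
    "node.js":  _bom("pkg:apk/wolfi/glibc@2.39-r1", "pkg:apk/wolfi/openssl@3.3.0-r0"),
    "python":   _bom("pkg:apk/wolfi/glibc@2.39-r1", "pkg:apk/wolfi/xz@5.6.0-r0"),
}

# Constructed advisory with a placeholder id: component xz, affected from
# 5.6.0-r0 up to (not including) the fixed 5.6.2-r0.
ADVISORY = {
    "id": "ADV-PLACEHOLDER-0001",
    "component": {"type": "apk", "namespace": "wolfi", "name": "xz"},
    "introduced": "5.6.0-r0",
    "fixed": "5.6.2-r0",
}

if __name__ == "__main__":
    for image, purl in sorted(images_to_rederive(SBOMS, ADVISORY).items()):
        print(f"re-derive {image}: {purl}")
```

On the constructed data only postgres and python pin an affected xz; redis carries an older, unaffected release and node.js does not ship xz at all, so only two of the four images enter the rebuild → re-attest → republish chain. Matching on the parsed purl (type, namespace, name) rather than on the free-text `name` field avoids false hits from similarly named components in other ecosystems.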
European sovereign roots
the design · no US vendor in the trust root
From source
Rebuilt, not mirrored
To be built from Wolfi source recipes with our own generated keys — not re-signed
vendor binaries. The bootstrap is re-rooted so trust starts from source you can read.
(Proven in the proof-of-concept; production catalog planned.)
EU-resident
Signed in Europe
Planned: cosign signatures from an EU-resident HSM key; source on Codeberg (EU). No
CLOUD-Act jurisdiction over the root of trust — structural, not a setting.
Given back
Upstream & open
Recipes to be Apache-2.0 and contributed upstream to Wolfi. The commons grows the shared
stack rather than forking it — the patina, not another wall.