Case Study

Block tackles software supply chain security with Chainguard Enforce

Webscale companies can often see around the corner and spot new trends in security well before the rest of the market even feels the pain. This is a story of Block Inc.'s journey to build bespoke solutions to software supply chain security, and why they ultimately decided to standardize and innovate on Chainguard Enforce.

Challenge

Block, Inc. is a global technology company with a focus on financial services, serving hundreds of millions of customers worldwide and processing billions of transactions daily. Made up of Square, Cash App, Spiral, TIDAL, and TBD, its focus is on building tools to help more people access the economy.

While many organizations are still early in their software supply chain journeys, Block's security engineering and developer teams are already years into their investment in methods to secure the supply chain by default. Long before high profile incidents like SolarWinds and Log4j, Block created its own software supply chain attestation and security policy enforcement agent.

Despite the company's focus on software supply chain security and its use of several internally built and open source tools, Block lacked a single, holistic solution for building trust in its software artifacts.

As Block continued to grow and scale its homegrown solutions for software supply chain security, it sought broader functionality: software attestation and enforcement brought closer to the developer workflow, tighter integration with its Kubernetes cloud infrastructure environments, and a platform built to scale globally to its tens of thousands of engineers and their build environments.

“Chainguard Enforce enables Block to have continuous compliance and policies that help address software supply chain threats. With Chainguard Enforce, we’re able to seamlessly roll out policies across the organization like requiring only signed images for deployment, which helps us fill gaps in understanding what software we can trust in our environments and where it came from.”
Josh Lemos, CISO at Block

Solution

That’s when Block was introduced to Chainguard and its Enforce platform. Chainguard Enforce is designed to deliver a holistic solution for software signing, attestation storage, policy creation, and enforcement. Chainguard Enforce meets Block’s needs because it allows the team to consolidate its internal tooling into one comprehensive solution, providing complete visibility into Block’s overall software supply chain security posture. Additionally, the platform gives Block’s developers and operations teams easy onboarding and integration points to quickly address security requirements across the organization.

With Chainguard Enforce, Block can centrally manage policies with fine-grained controls that ensure only trusted software is being deployed in its environment, as well as easily deploy policies to multiple clusters in its fleet with a single step. Access to Chainguard Enforce’s rich metadata helps the team understand their supply chain security metrics and enables them to build out security alerting to keep customers updated.

About

Founded in 2009, Block provides payment acquiring services to merchants, along with related services. The company also launched Cash App, a person-to-person payment network.

Industry

Technology

Employees

8.52K

Cloud platform

Kubernetes
