Chainguard Images

Reduce attack surface and minimize dependencies with our suite of images.

Silence the scanner noise

Chainguard Images contain only what is required to build or run your application. This results in fewer CVEs over time compared to other base images and on average an 80% reduction in overall size.

Key Features

Reduce vulnerabilities

Our images aim for zero-known vulnerabilities: Reduce time, effort, and stress investigating reports by security tooling like Snyk, Trivy, and Grype.

Quick updates from source

Rebuilt nightly from the latest upstream sources: Chainguard Images are updated daily compared to the weeks that other base images take.

Signed with Sigstore

Verify the chain of custody: Chainguard Images are cryptographically signed with Sigstore giving users proof of origin and anti-tamper assurance.

SBOMs included

Instantly identify all software components running in your cluster: All Chainguard Images come with SBOMs generated at build time.

Chainguard vs. others

Chainguard Images are minimal, comprised of only the things required to build or run your application;
This results in fewer CVEs over time compared to other base images*.

*Compared to opensource dataset

Minimize your base images

All our Images aggressively minimize the software components included. The smaller size reduces complexity and delivers faster builds and deploys. The reduced number of packages mean vulnerabilities accumulate slower even on pinned images.
‍
Built with glibc for full compatibility, featuring ARM and x86-64 support.

Enterprise Support

For commercial customers we provide:

Support for older software releases: Images are continuously rebuilt to remove vulnerabilities in ancillary software including third party and OS dependencies.

SLAs on time to patch vulnerabilities: We will address vulnerabilities within a given timeframe.

Custom image and package building.

Compliance including FIPS/FedRAMP options.