Secure & Efficient Development with Chainguard Images
Build and deploy applications on a secure foundation of minimal, hardened container images to reduce vulnerabilities and save developer time.
Build secure applications on a foundation of minimal, hardened container images to protect against vulnerabilities and attacks.
Leverage low-to-zero CVE container images designed for rapid patching and software updates.
Save hundreds of hours of engineering time annually on vulnerability management, freeing up valuable developer teams to focus on business-critical tasks.
saved on vulnerability management
reduction in CVEs compared to unhardened equivalent
6748 latest versions and many more older versions maintained upstream and guarded by Chainguard
Chainguard Images apply industry compliance hardening techniques to strengthen the security of container environments and future-proof against supply chain threats.
Minimal base images
Build-time SBOMs
Daily rebuilds
Adopt minimal container images designed to optimize performance and security with reduced software bloat, improved cluster performance, and a minimized attack surface for applications.
62% smaller vs Iron Bank
80% fewer comps vs UBI
Pull from hundreds of low-to-zero CVE container images of the most popular open source software.
Build and deploy applications on a secure foundation of minimal, hardened container images to reduce vulnerabilities and save developer time.
The world's leading companies trust Chainguard.
Benefit from a platform running on a hardened, trusted infrastructure, with provenance and attestations from digital signatures and SBOMs.
Gain build-time generated SBOMs, providing transparency into the software supply chain.
Now you can trust the signals from your security scanner. Chainguard makes component lists and critical CVE information accurate and actionable.
CVE-Minimized Container Images for Every Use Case
Available as pure distroless or as minimal image with a package manager and a shell
Always pinned to upstream :latest
Free to use
Enterprise SLA to remediate vulnerabilities
Available as pure distroless or as minimal images with a package manager and a shell
Major and minor versions of upstream
Available through Chainguard's registry or preferred registry of choice
Access to Chainguard's console to manage images, entitlements, pull tokens, and more
Functionally equivalent to standard images with FIPS cryptographic requirements
Using OpenSSL 3.0 module that is validated by NIST for 140-3
Trust, but verify with openssl-fips-test utility
Dedicated industry-leading STIG purpose built for DISA compliance and compatible with OpenSCAP and SCAP Viewer
Kernel-independent entropy source enables workload deployment on any kernel, hardware, and instance type