Trustpilot trusts Chainguard to redefine what secure-by-default looks like
The challenge
Trustpilot operates at the forefront of software development as a fully cloud-native, microservices-based platform trusted by millions of consumers and businesses worldwide.
As Stu Hirst, CISO at Trustpilot, built out a world-class security organization and gained increasing visibility into their engineering environment, one trend stood out: container vulnerabilities dominated the risk landscape. Fixing the same issues across teams created high-volume, repetitive toil for developers and dragged engineering focus away from shipping new features.
Stu put it plainly: “That whack-a-mole approach of manual vulnerability management isn’t scalable and it’s something we’ve all had to do for a number of years — but it’s just not the future of engineering.”
“Shifting left” wasn’t enough — Stu wanted to start left. Eliminate vulnerabilities at the source with secure-by-default inputs.
The solution
Jonny Brodie, Senior Platform/Cloud Security Engineer at Trustpilot, shared Stu’s “start left” ideology. After experimenting with Chainguard’s free images, Jonny saw the potential to support a secure, golden image program for the engineering team with Chainguard. He brought the idea to Stu and today, Trustpilot redistributes Chainguard Containers to the engineering team through its internal registry. The team saw immediate impact.
The results
Efficiency and velocity gains
After adopting Chainguard Containers, Trustpilot’s security and engineering teams saw immediate gains in speed and productivity. With an over 80% reduction in vulnerability counts, engineers reclaimed valuable hours each week that had previously been spent on repetitive triage and patching. By eliminating the endless “fix it again” cycle, teams now spend that time building features and improving customer experience.
A mandatory use policy for Chainguard Containers in all new containerized work has also removed decision fatigue; developers no longer need to weigh which base image is safest. As Stu noted, the result is simple but powerful: engineers spend less time firefighting and more time “shipping cool things.”
Scalable, secure-by-default infrastructure
Jonny and Stu’s teams replaced fragmented, manual fixes with a standardized, golden path for secure container builds. Through an internal registry, they now distribute a single, verified baseline for container images across all services. Jonny explained, “Highlighting the same vulnerability 100 times isn’t efficient. Fix it once, redistribute it to everyone.”
This approach eliminated redundant work, reduced security noise, and ensured consistency across hundreds of deployments. Because Chainguard continuously rebuilds and hardens images, Trustpilot doesn’t need dedicated staff to manage private registries, monitor CVEs, or manually patch base layers. The system itself enforces good security hygiene, allowing the platform to scale securely without adding headcount or friction.
Without Chainguard, Trustpilot would have to manage these golden images on its own, an undertaking that would require hiring additional dedicated staff.
Strengthened security and trust
With smaller, pre-hardened images, Trustpilot’s teams can build and run software with fewer vulnerabilities and better stability. Maintenance has become predictable, triage is faster, and the risk of exposure from unpatched dependencies is significantly lower. This secure-by-default foundation not only reduces risk across the platform but also reinforces the company’s brand promise: delivering a trustworthy, resilient product to millions of users.
But for Stu and Jonny, it’s not just about reducing vulnerabilities or giving their engineers time back. It’s about creating a more trustworthy, safer environment. Stu explained, “It’s not just about the vulnerability. It’s the incident that could have occurred that will no longer occur.”
A true partnership
Trustpilot’s relationship with Chainguard goes beyond a typical vendor-customer dynamic — it’s a partnership built on collaboration and shared innovation.
As an early adopter of Chainguard, the Trustpilot team has played an active role in shaping product development, from discovering bugs to contributing feedback that informed new documentation and features. Stu describes it as a “two-way journey,” where both teams work collaboratively to advance secure-by-default practices and explore what’s next. “We don’t want to be given a product and left alone,” Stu said. “We want to work side-by-side in what’s coming next, and we’ve done this with Chainguard.”
Looking ahead, the team is exploring Chainguard Custom Assembly and secure, rebuilt-from-source language libraries to further strengthen the software supply chain, ensuring Trustpilot continues to lead by example in not just shifting left, but starting left.