Introducing Chainguard OS Packages: Secure ingredients for custom container builds
Today, we’re introducing Chainguard OS Packages: enterprise-grade, zero-CVE packages and base images built and continuously maintained in the Chainguard Factory. Chainguard OS Packages is purpose-built for customers who already maintain internal image build systems and want to continue doing so.
Built on Chainguard OS, the purpose-built Linux distribution that underpins every Chainguard Container, Chainguard OS Packages now gives customers direct access to the same underlying packages used to build and run Chainguard’s container image catalog. We designed this for advanced teams that want precision and control over their production artifacts. These organizations want to define exactly what goes into their images, manage upgrade cycles on their own terms, and use their existing build tooling. At the same time, they want to eliminate the operational burden of monitoring vulnerabilities, rebuilding packages, and tracking upstream changes.
Now they can.
Greater control without taking on package maintenance
While off-the-shelf container images remain the fastest, simplest way to be secure-by-default, some sophisticated engineering teams want granular control over composition, features, dependencies, and upgrade cadence. Historically, that level of control required maintaining open source packages internally: tracking CVEs, rebuilding on upstream updates, and validating compliance across environments.
Chainguard OS Packages changes that model.
With Chainguard OS Packages, customers gain access to enterprise-grade packages and select Chainguard base images built in the Chainguard Factory. They can use Dockerfiles, Bazel, apko, or other existing pipelines to assemble custom container images from more than 30,000 Chainguard OS packages and hundreds of thousands of package versions delivered via a private APK repository.
Every package is continuously rebuilt and maintained by Chainguard. SBOMs are generated through the Factory. Packages are available in FIPS and non-FIPS-variant versions to support regulated environments.
Teams retain full control over the final image and are responsible for its functionality and for ensuring that the final built images are FIPS-validated. Chainguard handles sourcing, rebuilding, and vulnerability remediation at the package layer. This model allows organizations to offload vulnerability monitoring, patching, and rebuild automation while preserving architectural flexibility.
One way to think about it: Chainguard OS Packages is like receiving a professional meal kit from a Michelin-starred supplier. You keep full control over the recipe and how the final dish comes together. We ensure the ingredients are inspected, rebuilt, and delivered securely.
User-directed evolution
We recently announced the Chainguard OS Fully User-Directed Committee, a user-led governance body that helps ensure Chainguard OS evolves in alignment with real-world user needs. The committee includes members from organizations like LexisNexis, Shift5, Okta, Cisco, and a Fortune 500 financial services firm.
Committee members work closely with our R&D teams to align on secure-by-default principles, define emerging standards, and represent the diverse priorities of the Chainguard OS community. This structure ensures that both Chainguard OS Packages and the broader OS ecosystem evolve in line with user-governed input.
Secure ingredients for the next generation of container builds
As organizations continue to raise the bar on supply chain security, the question is no longer whether packages should be continuously rebuilt and maintained. The question is how to integrate that discipline into diverse and often deeply customized build pipelines.
Chainguard OS Packages answers that question.
You keep control over how your container images are assembled. You use the tooling and pipelines your teams already trust. Chainguard ensures that the packages beneath your builds are continuously rebuilt, patched, and delivered with transparency.
Chainguard OS Packages is currently in beta. Sign up today.
Share this article
Related articles
- product
Introducing Chainguard Repository: A unified experience for secure-by-default open source artifacts
Ross Gordon, Staff Product Marketing Manager, and Angela Zhang, Senior Product Manager
- product
Introducing Chainguard Catalog Starter: Your choice of five free trusted container images from the best catalog
Ed Sawma, VP, Product Marketing, Anushka Iyer, Product Marketing Manager, and Tony Camp, Staff Product Manager
- product
Introducing Chainguard Agent Skills: Because your AI agent shouldn't trust strangers
Sam Katzen, Director, Product Marketing, and Reid Tatoris, VP, Product Management
- product
Introducing Chainguard Actions: CI/CD workflows you can trust
Ross Gordon, Staff Product Marketing Manager, and Reid Tatoris, VP, Product Management
- product
Introducing Chainguard Commercial Builds: Secure-by-default containers for commercial software
Matt Stead, Product Marketing Manager, and Brad Bock, Director, Product Management
- product
Meet the Guardener: The intelligent migration expert for everyone
Sam Katzen, Director, Product Marketing, and Tony Camp, Staff Product Marketing Manager