The AI-powered factory rebuilding open source

Reconciler bots and AI agents run continuously across our entire catalog — so every artifact you get from Chainguard meets the same security standard.

Parlez à un expert Patcher le passé

$chainguard factory --watch✓monitoring 2,847 upstream sourcesregistries · repos · CVE feeds · distro trackers

↻drift detected: nginx@1.27.4 → 1.27.5✓reconciler started · diffing desired vs. actualapplying patch · queuing rebuild

!reconciler stuck: patch conflict at NGINX/conf.d:42↳dispatching agent.fix-patch✓resolved in 4.2s · retrying build

✓build passed · tests passed · SLSA L3 attested✓signed: sha256:9c8a3f…d4→delivered: cgr.dev/chainguard/nginx:1.27.5

Why we built it

A factory built for what's coming.

Modern security demands artifacts that are always up to date, and the only way to deliver that at scale is to rebuild them, automatically, around the clock. So we built a factory that does exactly that. Thousands of artifacts, every shape your team needs, all kept current to the same hardened standard.

Containers

Minimal container images with a best-in-class SLA for CVE remediation.

Libraries

A guarded catalog of libraries that protect against supply chain attacks.

VMs

Optimized virtual machine images rebuilt from source daily.

OS Packages

Secure ingredients for custom container builds.

Actions

Secure-by-default CI/CD workflows for safer pipelines.

Agent Skills

A continuously maintained catalog of hardened AI agent skills.

Powered by Chainguard Factory

An agentic software factory run by open source experts.

Discover the factory

Why the Factory earns its trust

Every layer of the supply chain has its own attack surface. The Factory applies a specific control to each

Cryptographic verification at every hop

Every input, every artifact, every step verified against immutable Git references.

Ephemeral, minimal build environments

Every build runs in a hardened, single-use container, destroyed after each rebuild.

Short-lived credentials only

Classic GitHub PATs banned. Refresh tokens expire in 24 hours. FIDO2 hardware keys on critical systems.

Supervisor / guest separation

Attacker-controlled upstream code can never reach our signing infrastructure.

Multi-layer package analysis

No source, no package. Every artifact scanned against 12,000+ YARA rules for malware.

Human review + continuous auditing

Code review by Wolfi maintainers, plus continuous machine analysis on every package.

Where Chainguard fits into your stack and SDLC

Chainguard Containers Chainguard Libraries Chainguard VMs Chainguard OS Packages Chainguard Actions Chainguard Agent Skills

Results that speak for themselves

A secure foundation for software development and deployment

352,000+

Engineering Hours Saved

88,000+

CVEs Remediated

20 hours

avG remediation time for critical cves

80%

Reduction in Attack Surface

97.6%

Avg. Reduction in CVEs

Exécuter la commandeInvite du système CG

Vous souhaitez en savoir plus sur Chainguard?