Building for the AI era: Chainguard partners with Endor Labs

Naveen Sharma, Vice President, Global Partnerships

AI is reshaping the software supply chain faster than any team can defend it. Coding agents are shipping code at a pace humans can’t review. Every agent-generated commit pulls in more open source dependencies, and the pace of zero-day disclosures keeps accelerating. The attack surface is expanding while the disclosure window is collapsing.

Chainguard’s answer to this has always been the same: prevention beats detection. The fewer CVEs and compromised packages that enter your environment in the first place, the less your team has to triage, prioritize, and patch downstream. That’s why we rebuild every artifact daily in our agentic Factory and publish signed SBOMs and provenance with every release.

But preventing what can be prevented is only half the picture. Customers still need to know, for the vulnerabilities that do exist in their application code, which are reachable and exploitable and which are merely noise. Ultimately, the teams that win in this environment will have to focus on both halves: shrink what enters their environment from the start, and spend remediation time only on what is actually reachable and exploitable in their application code.

That’s where Endor Labs comes in, and why we’re excited to announce them as our newest ecosystem partner.

What Chainguard and Endor Labs do, together

Chainguard is the trust layer for your open source supply chain. Our AI-native Chainguard Factory continuously rebuilds every container, library, CI/CD workflow, and agent skill from source, delivering each artifact with SLSA Level 3 provenance and SBOMs.

Endor Labs is an agentic application security platform that cuts through alert noise by verifying which vulnerabilities are actually exploitable. Its AURI code context graph traces vulnerable functions from real entry points through application code, dependencies, container layers, and AI models, telling teams which findings genuinely matter and which are noise.

For teams building with AI coding agents, that combination matters more every day. The infrastructure those agents build on starts clean, and every finding comes with the context to act on it, not just flag it. For regulated environments, it means the provenance, attestations, and exploitability evidence needed to satisfy FedRAMP, PCI DSS, CMMC, and the EU Cyber Resilience Act, without additional tooling.

Our customers tell us the same thing: they want fewer security findings, with better context. Chainguard rebuilds every artifact from source and ships it with verifiable provenance, so customers start from a hardened baseline. As the exploit window for newly disclosed CVEs keeps collapsing, Endor Labs helps teams prioritize by tracing reachability across application code, open source dependencies, and container images, so they know what to patch now and how to patch it without breaking the build.
Andrew Davidson, VP of Partnerships, Endor Labs

How this benefits your team

With Chainguard Containers and Endor Labs, teams can:

  • Build at AI speed with every artifact built from source in Chainguard’s SLSA L3 Factory, rebuilt daily, with signed SBOMs and provenance attestations.

  • Cut the OS-level CVE remediation queue down to only what's reachable from running workloads.

  • Validate Chainguard provenance directly inside the Endor Labs console, with no separate verification step.

  • Identify the highest-impact images to migrate to Chainguard, ranked by reachable risk, and offer an easy path to replace vulnerable images.

  • Meet FedRAMP, PCI DSS, CMMC, and EU Cyber Resilience Act evidence requirements with the SBOMs, VEX documents, and exploitability data both platforms produce natively.

Discover more about our Chainguard partners, and get in touch with our team to learn how Chainguard and Endor Labs can work together to help you.
