Expanding Chainguard VMs: Zero-CVE Application & Base Virtual Machine Images for Cloud and On-Prem

Chainguard VMs is expanding beyond container hosts with new Application and Base VM Images — giving teams a secure, zero-CVE foundation to build and innovate faster across cloud and on-prem environments.

Today, we are proud to launch an expanded portfolio of Chainguard VMs, taking a major step forward in delivering secure, hardened infrastructure across all deployment environments. Expanding beyond container hosts, Chainguard VMs now includes application images (Jenkins, Nginx, Squid Proxy) and base images (Chainguard OS, Java, Python). And, you can now deploy these images in hybrid environments with cloud and on-prem support, all protected by Chainguard’s industry-leading CVE remediation SLA.

Chainguard VMs: Application Images

Chainguard VMs now includes a set of secure-by-default, minimal application images, continuously updated for zero CVEs. Initial Chainguard VM application images include Jenkins, Nginx, and SquidProxy.

Chainguard VMs application images are virtual machine counterparts to our popular container images, giving you the flexibility to deploy the same secure workloads in environments that require VM-based infrastructure. These images are pre-configured for different customer use cases, resulting in savings from reduced developer effort to set up image configurations.

Chainguard VMs: Base Images

In addition to VM application images, we are releasing VM base images for Chainguard OS, Java, and Python. These are designed for customers who need to run their proprietary code inside a hardened VM. Chainguard OS provides customers with a secure, clean slate to build their custom applications. Java and Python-based Chainguard VMs enable you to run Java or Python applications in a minimal virtual appliance that incorporates only the necessary packages to run your applications, significantly reducing the attack surface.

Just like Chainguard Containers, Chainguard VMs are built from source daily, incorporating new features and software upgrades through automated rebuilds in the Chainguard Factory. This ensures the latest updates and patches are available to customers, eliminating developer cycles on CVE remediation and allowing engineers to focus on product innovation. Chainguard VMs also come with SBOM-driven provenance attestations for full supply chain trust and transparency.

Support Across Cloud and On-Prem

Chainguard VMs are supported across major cloud and on-prem environments as:

• Google Cloud Platform (GCP) VM

• Amazon Machine Image (AMI)

• Microsoft Azure Compute VM

• VMware vSphere VMDK

• Raw and Qcow2 images

Chainguard VMs are broadly compatible, so you can deploy them in any environment—whether you’re running workloads in the public cloud or managing your own infrastructure. This flexibility enables one-click deployment across environments and helps you avoid vendor lock-in.

"When we tested Chainguard VM with Bluerock’s compute firewall, it was obvious this is a security game changer. Bluerock with Chainguard VM images optimized for specific workloads protects security conscious customers from all manner of vulnerabilities, both known and unknown.”

“Chainguard VM container host images are the ideal environment for Ona’s Developer Productivity solutions. Chainguard VMs, with their minimal footprint and security first focus, drastically reduce the burden of managing CVEs and improve security. The availability of Chainguard VMs for on prem hypervisors is great news”

Building out the Chainguard VM Catalog

The new Chainguard VM app and base images add to our previously announced container hosts. Chainguard VM container host images are already available as an Amazon EKS worker node and as self-managed container hosts in compute for AWS, Azure, and GCP. These enable you to bring your own hardened VM nodes into your managed Kubernetes clusters, ensuring that even the underlying worker infrastructure meets the same strict security standards as your workloads.

Why Chainguard VMs?

Chainguard VMs provides a portfolio of trusted virtual machine appliances, designed to deliver:

• Zero-CVE guarantee with the fastest remediation SLA, 7 days for critical, 14 for all others

• Consistent, reproducible builds

• Enterprise-grade support for multi-cloud and on-prem

• Customization capabilities using Hashicorp Packer

• Seamless integration with your existing CI/CD and runtime environments

Get Started

Whether you’re securing critical workloads in the cloud, running sensitive applications on-prem, or bringing hardened worker nodes to your Kubernetes clusters, Chainguard VMs give you a trusted foundation.

Learn more and get started today.