Products
Chainguard Images
Reduce your attack surface with minimal, distroless images.
Chainguard Enforce
Manage, monitor and enforce end-to-end policies.
Chainguard Services
Infrastructure, configuration, and compliance assessment.
Developer
Resources
Company
Contact
Back
Docs
Open source
Back
Unchained blog
Customer stories
Education
Back
About
Careers
Back
About
Newsroom
Careers
UNCHAINED

A curated collection of writings, research, and solutions

Read the latest software supply chain and open source security updates from our experts.

Engineering
Building Chainguard's Container Image Registry

We built a passwordless container image registry with a focus on security to sustain the foundation for ongoing product growth & feature additions for our users.

Jason Hall, Software Engineer
May 23, 2023
Product
Scaling Chainguard Images with a growing catalog and proactive security updates

Chainguard Images boosts support for enterprise development teams with expanded catalog offerings, a dedicated registry, and proactive security notifications.

Kim Lewandowski
May 18, 2023
Categories
Research
Introducing "Speranza": Enhancing Software Signing with Privacy and Usability
Zachary Newman, Principal Research Scientist
May 30, 2023
Introducing "Speranza": Enhancing Software Signing with Privacy and Usability
Research
Product
Fortify, Comply and Conquer FedRAMP with Chainguard Images
Dan Lorenc
May 25, 2023
Fortify, Comply and Conquer FedRAMP with Chainguard Images
Product
Engineering
Building Chainguard's Container Image Registry
Jason Hall, Software Engineer
May 23, 2023
Building Chainguard's Container Image Registry
Engineering
Open Source
OSS Security: Chainguard May 2023 Update
Tracy Miranda
May 22, 2023
OSS Security: Chainguard May 2023 Update
Open Source
Product
Policy Rollback and Auditing with Versions in Chainguard Enforce
Colin Douglas and Katy Howard
May 19, 2023
Policy Rollback and Auditing with Versions in Chainguard Enforce
Product
Product
Scaling Chainguard Images with a growing catalog and proactive security updates
Kim Lewandowski
May 18, 2023
Scaling Chainguard Images with a growing catalog and proactive security updates
Product
Product
Enhancing Enterprise Reliability Features for Chainguard Enforce Customers
Adam Dawson and Narayan Iyengar
May 11, 2023
Enhancing Enterprise Reliability Features for Chainguard Enforce Customers
Product
Security
How to Explain the CISA Software Attestation Requirements to Your Board
Dan Lorenc
May 5, 2023
How to Explain the CISA Software Attestation Requirements to Your Board
Security
Open Source
Meet Chainguard at Open Source Summit North America 2023 [May 10 – 12 in Vancouver]!
Tracy Miranda
May 5, 2023
Meet Chainguard at Open Source Summit North America 2023 [May 10 – 12 in Vancouver]!
Open Source
Research
Enforce Against Vulnerability Sprawl with Up-to-Date Images
John Speed Meyers
May 3, 2023
Enforce Against Vulnerability Sprawl with Up-to-Date Images
Research
News
Chainguard joins DHS S&T new startup cohort to strengthen software supply chain
Dan Lorenc
April 27, 2023
Chainguard joins DHS S&T new startup cohort to strengthen software supply chain
News
Engineering
Move Over, Dockerfiles! The New Way to Craft Containers
Jason Hall and Zachary Newman
April 27, 2023
Move Over, Dockerfiles! The New Way to Craft Containers
Engineering
Open Source
Open Source Software Takes Center Stage at RSA
Dan Lorenc
April 24, 2023
Open Source Software Takes Center Stage at RSA
Open Source
Open Source
npm + Sigstore: Making Javascript secure by default
Tracy Miranda
April 19, 2023
npm + Sigstore: Making Javascript secure by default
Open Source
News
Chainguard and CNCF Conduct SLSA Assessments for Argo and Prometheus Projects
James Petersen
April 19, 2023
Chainguard and CNCF Conduct SLSA Assessments for Argo and Prometheus Projects
News
Open Source
Chainguard open sources new policy catalog for Sigstore policy-controller
Erin Glass and Ville Aikas
April 18, 2023
Chainguard open sources new policy catalog for Sigstore policy-controller
Open Source
News
Chainguard Images Now Available to Government Agencies on U.S. Air Force Platform One
Dan Lorenc
April 17, 2023
Chainguard Images Now Available to Government Agencies on U.S. Air Force Platform One
News
Product
Chainguard Image Now Available for Prometheus
Dan Lorenc
April 14, 2023
Chainguard Image Now Available for Prometheus
Product
News
Join Chainguard at KubeCon EU in Amsterdam April 19-21!
Sarah O'Rourke
April 13, 2023
Join Chainguard at KubeCon EU in Amsterdam April 19-21!
News
Product
It all started with a commit: Celebrating 6 years of Distroless
Dan Lorenc and Matt Moore
April 12, 2023
It all started with a commit: Celebrating 6 years of Distroless
Product
Product
Tired of Searching Through Your Scan Results? Try the Chainguard OpenSearch Image
Dan Lorenc
April 7, 2023
Tired of Searching Through Your Scan Results? Try the Chainguard OpenSearch Image
Product
Product
The role of attestations in a secure software supply chain
Zachary Newman
April 4, 2023
The role of attestations in a secure software supply chain
Product
Open Source
ICYMI: What's new in Chainguard Academy
Lisa Tagliaferri
April 3, 2023
ICYMI: What's new in Chainguard Academy
Open Source
News
GitCommitted with Your Dream Base Image
Kirby Koo
April 1, 2023
GitCommitted with Your Dream Base Image
News
Engineering
Are Kubernetes Validating Admission Policies the end of admission controllers?
Ville Aikas and Zachary Newman
March 31, 2023
Are Kubernetes Validating Admission Policies the end of admission controllers?
Engineering
Open Source
New Chainguard Academy tutorial: Cosign the Manual Way
Eddie Zaneski
March 30, 2023
New Chainguard Academy tutorial: Cosign the Manual Way
Open Source
Open Source
Sigstore policy-controller 101
Ville Aikas and Erin Glass
March 29, 2023
Sigstore policy-controller 101
Open Source
Product
Chainguard Image Now Available for NATS
Dan Lorenc
March 27, 2023
Chainguard Image Now Available for NATS
Product
Open Source
Chainguard contributes Rekor Search Project to Sigstore
Priya Wadhwa
March 23, 2023
Chainguard contributes Rekor Search Project to Sigstore
Open Source
Product
5 Capabilities in Chainguard Enforce You Don’t Want to Miss (Your Security Team Will LOVE #4)
Adam Dawson
March 23, 2023
5 Capabilities in Chainguard Enforce You Don’t Want to Miss (Your Security Team Will LOVE #4)
Product
Open Source
OSS Security - Chainguard Spring 2023 Update
Tracy Miranda
March 22, 2023
OSS Security - Chainguard Spring 2023 Update
Open Source
Product
Chainguard Image Now Available for Apache Zookeeper
Dan Lorenc
March 20, 2023
Chainguard Image Now Available for Apache Zookeeper
Product
Product
Using Chainguard Enforce to prepare for the Kubernetes registry deprecation
Adam Dawson and Ville Aikas
March 16, 2023
Using Chainguard Enforce to prepare for the Kubernetes registry deprecation
Product
Research
New SLSA++ Survey Reveals Real-World Developer Approaches to Software Supply Chain Security
David A. Wheeler, The Linux Foundation; John Speed Meyers, Chainguard; Mikaël Barbero, Eclipse Foundation; and Rebecca Rumbul, Rust Foundation
March 13, 2023
New SLSA++ Survey Reveals Real-World Developer Approaches to Software Supply Chain Security
Research
Engineering
What the Fuzz? Better Coding through Randomized Testing
Zachary Newman
March 13, 2023
What the Fuzz? Better Coding through Randomized Testing
Engineering
Security
What the fork: Imposter Commits in GitHub Actions and CI/CD
Billy Lynch
March 8, 2023
What the fork: Imposter Commits in GitHub Actions and CI/CD
Security
Product
Chainguard Image Now Available for Postgres
Dan Lorenc
March 6, 2023
Chainguard Image Now Available for Postgres
Product
News
Charting a secure by default future
Dan Lorenc
March 2, 2023
Charting a secure by default future
News
Engineering
apko: a year later
Ariadne Conill
February 28, 2023
apko: a year later
Engineering
Research
Chainguard Conducts SLSA Software Supply Chain Security Audit of Open Source Project Git
Adolfo García Veytia and John Speed Meyers
February 27, 2023
Chainguard Conducts SLSA Software Supply Chain Security Audit of Open Source Project Git
Research
Product
Announcing Chainguard Enforce Discovery and Expanded Runtime Support
Adam Dawson and Mark Drake
February 27, 2023
Announcing Chainguard Enforce Discovery and Expanded Runtime Support
Product
Product
Hopping Into Spring With Chainguard’s RabbitMQ Image
Dan Lorenc
February 24, 2023
Hopping Into Spring With Chainguard’s RabbitMQ Image
Product
Product
SBOMs in a multi-architecture world
Matt Moore and Adolfo García Veytia
February 22, 2023
SBOMs in a multi-architecture world
Product
Engineering
Building towards OCI v1.1 support in cosign
Josh Dolitsky
February 17, 2023
Building towards OCI v1.1 support in cosign
Engineering
News
Chainguard Named an IDC Innovator for Open Source Software Supply Chain Security
Dan Lorenc
February 15, 2023
Chainguard Named an IDC Innovator for Open Source Software Supply Chain Security
News
A purl of Wisdom on SBOMs and Vulnerabilities
John Speed Meyers
February 14, 2023
A purl of Wisdom on SBOMs and Vulnerabilities
Product
Chainguard Image Now Available for HAProxy
Adrian Mouat
February 9, 2023
Chainguard Image Now Available for HAProxy
Product
Engineering
Not All That’s Signed Is Secure: Verify the Right Way with TUF and Sigstore
Zachary Newman and Marina Moore (NYU)
February 8, 2023
Not All That’s Signed Is Secure: Verify the Right Way with TUF and Sigstore
Engineering
Product
Chainguard Image Now Available for Kubectl
Adrian Mouat
February 7, 2023
Chainguard Image Now Available for Kubectl
Product
Product
How to Sign Private Artifacts Securely with Chainguard's Timestamp Authority
Hector Fernandez
February 2, 2023
How to Sign Private Artifacts Securely with Chainguard's Timestamp Authority
Product
News
Chainguard & BoxBoat, an IBM company, Announce Strategic Partnership to Tackle Software Supply Chain Security
Kaylin Trychon
January 30, 2023
Chainguard & BoxBoat, an IBM company, Announce Strategic Partnership to Tackle Software Supply Chain Security
News
Open Source
Chainguard to Accelerate VEX Adoption through OpenVEX Specification
Dan Lorenc
January 30, 2023
Chainguard to Accelerate VEX Adoption through OpenVEX Specification
Open Source
Product
Four New Ways to Protect Your Supply Chain With Chainguard Enforce
Adam Dawson
January 30, 2023
Four New Ways to Protect Your Supply Chain With Chainguard Enforce
Product
News
Come see us at CloudNativeSecurityCon in Seattle Feb 1-2!
Sarah O'Rourke
January 27, 2023
Come see us at CloudNativeSecurityCon in Seattle Feb 1-2!
News
Make SBOMs, not GuessBOMs: Why we need to shift left on SBOM generation
Tracy Miranda
January 25, 2023
Make SBOMs, not GuessBOMs: Why we need to shift left on SBOM generation
Product
Go 1.20 is coming, and it brings even more security by default
Adrian Mouat
January 23, 2023
Go 1.20 is coming, and it brings even more security by default
Product
Engineering
GitHub Container Registry private repos sometimes… weren’t
Jason Hall
January 23, 2023
GitHub Container Registry private repos sometimes… weren’t
Engineering
News
Building the first memory safe distro
Dan Lorenc and Ariadne Conill
January 23, 2023
Building the first memory safe distro
News
Open Source
Understanding the relationship between FOSS and the “software supply chain”
Ariadne Conill
January 20, 2023
Understanding the relationship between FOSS and the “software supply chain”
Open Source
Product
Chainguard Image Now Available for Python 3.11
Dan Lorenc
January 19, 2023
Chainguard Image Now Available for Python 3.11
Product
Research
Are SBOMs Good Enough for Government Work?
John Speed Meyers
January 18, 2023
Are SBOMs Good Enough for Government Work?
Research
Security
Understanding The Promise of VEX
Kaylin Trychon
January 18, 2023
Understanding The Promise of VEX
Security
Product
Chainguard Image Now Available for Bazel
Dan Lorenc
January 17, 2023
Chainguard Image Now Available for Bazel
Product
Engineering
Conquer your Build Horizon with Chainguard Enforce in 2023
Matt Moore
January 13, 2023
Conquer your Build Horizon with Chainguard Enforce in 2023
Engineering
Product
Open Policy Agent Uses Chainguard Images to Safeguard from OpenSSL Vulnerabilities
Adrian Mouat
January 11, 2023
Open Policy Agent Uses Chainguard Images to Safeguard from OpenSSL Vulnerabilities
Product
Engineering
Building Wolfi from the ground up… and announcing arm64 support!
Jason Hall
January 10, 2023
Building Wolfi from the ground up… and announcing arm64 support!
Engineering
Product
Benefits of Keyless Software Signing
Kaylin Trychon
January 6, 2023
Benefits of Keyless Software Signing
Product
Product
Chainguard Image Now Available for Redis
Dan Lorenc
January 4, 2023
Chainguard Image Now Available for Redis
Product
Open Source
Highlights from OpenSSF’s 2022 Annual Report
Kaylin Trychon
December 30, 2022
Highlights from OpenSSF’s 2022 Annual Report
Open Source
Product
Chainguard Image Now Available for Ruby 3.2
Dan Lorenc
December 29, 2022
Chainguard Image Now Available for Ruby 3.2
Product
Engineering
Building Images for the Secure Supply Chain
Adrian Mouat
December 27, 2022
Building Images for the Secure Supply Chain
Engineering
News
Introducing Chainguard Labs: An Update on an Open, Living Software Supply Chain Compromises Dataset and new SBOM research efforts
John Speed Meyers and Zack Newman
December 20, 2022
Introducing Chainguard Labs: An Update on an Open, Living Software Supply Chain Compromises Dataset and new SBOM research efforts
News
Research
Are SBOMs Any Good? Preliminary Measurement of the Quality of Open Source Project SBOMs
John Speed Meyers
December 20, 2022
Are SBOMs Any Good? Preliminary Measurement of the Quality of Open Source Project SBOMs
Research
Product
Getting started with Rego policies in Chainguard Enforce
Adam Dawson
December 20, 2022
Getting started with Rego policies in Chainguard Enforce
Product
News
Our 2023 Technology Trends & Predictions for Software Security
Chainguard Team
December 15, 2022
Our 2023 Technology Trends & Predictions for Software Security
News
Open Source
The Archiving of the Gorilla Web Toolkit: A Tale of Two Software Security Risks
Dan Luhring and Eddie Zaneski
December 13, 2022
The Archiving of the Gorilla Web Toolkit: A Tale of Two Software Security Risks
Open Source
Product
ICYMI: Our Chainsmas Spaces Recap
December 9, 2022
ICYMI: Our Chainsmas Spaces Recap
Product
Product
Chainguard Enforce Announces New Software Signing Capability, Enterprise Supply Chain Security Updates
Adam Dawson and Priya Wadhwa
December 7, 2022
Chainguard Enforce Announces New Software Signing Capability, Enterprise Supply Chain Security Updates
Product
Software Supply Chain Security: Broader Than SolarWinds and Log4J
Dan Lorenc
December 7, 2022
Software Supply Chain Security: Broader Than SolarWinds and Log4J
Security
Principles for Secure Software Distribution: Lessons from Leaked Android Platform Signing Keys
Zack Newman
December 2, 2022
Principles for Secure Software Distribution: Lessons from Leaked Android Platform Signing Keys
Security
Securing the Machine Learning Supply Chain
Zack Newman
November 30, 2022
Securing the Machine Learning Supply Chain
News
Chainguard Enforce is now available on AWS Marketplace
Adam Dawson
November 27, 2022
Chainguard Enforce is now available on AWS Marketplace
News
Engineering
Reflections on Trusting VEX (or when humans can improve SBOMs)
Adolfo García Veytia
November 23, 2022
Reflections on Trusting VEX (or when humans can improve SBOMs)
Engineering
Open Source
7 Reasons You Should Plan to Adopt Sigstore in 2023
Tracy Miranda
November 17, 2022
7 Reasons You Should Plan to Adopt Sigstore in 2023
Open Source
Research
Software Dark Matter is the Enemy of Software Transparency
John Speed Meyers, Adolfo Veytia, Dan Luhring, Zack Newman, and Santiago Torres-Arias
November 9, 2022
Software Dark Matter is the Enemy of Software Transparency
Research
News
Mitigating OpenSSL Vulnerability with Chainguard
Dan Lorenc
November 1, 2022
Mitigating OpenSSL Vulnerability with Chainguard
News
Open Source
Life of a Sigstore Signature
Zack Newman and Jed Salazar
October 25, 2022
Life of a Sigstore Signature
Open Source
News
Chainguard at KubeCon North America: October 24-28!
Team Chainguard
October 20, 2022
Chainguard at KubeCon North America: October 24-28!
News
Engineering
Is CVE-2022-42889 the next Log4Shell? Not really.
Ariadne Conill
October 20, 2022
Is CVE-2022-42889 the next Log4Shell? Not really.
Engineering
Product
New Apache Commons Text CVE Feels like Déjà Vu All Over Again
Dan Lorenc
October 19, 2022
New Apache Commons Text CVE Feels like Déjà Vu All Over Again
Product
Open Source
Chainguard enthusiastically supports donating ko to CNCF
Jason Hall
October 18, 2022
Chainguard enthusiastically supports donating ko to CNCF
Open Source
News
Sigstore is now Generally Available
Priya Wadhwa
October 18, 2022
Sigstore is now Generally Available
News
Engineering
Breaking down PCI Guidance for Containers and Container Orchestration Tools
Adam Dawson
October 14, 2022
Breaking down PCI Guidance for Containers and Container Orchestration Tools
Engineering
Research
Hunting Malware on Package Repositories
Ly D. Vu, Zack Newman, and John Speed Meyers
October 13, 2022
Hunting Malware on Package Repositories
Research
Research
What’s in the CNSA Suite, and who should care?
Zack Newman
October 5, 2022
What’s in the CNSA Suite, and who should care?
Research
Security
Putting VEX To Work
Adolfo García Veytia
October 3, 2022
Putting VEX To Work
Security
News
What’s Software Supply Chain Security Got To Do With The State of DevOps Report? A Lot.
John Speed Meyers, Todd Kulesza
September 28, 2022
What’s Software Supply Chain Security Got To Do With The State of DevOps Report? A Lot.
News
Engineering
What's new in SPDX 2.3?
Adolfo García Veytia
September 26, 2022
What's new in SPDX 2.3?
Engineering
News
Chainguard Enforce Is Now Generally Available
Kim Lewandowski
September 21, 2022
Chainguard Enforce Is Now Generally Available
News
News
Learn to Build Software that is Secure by Default with Chainguard Academy
Lisa Tagliaferri
September 21, 2022
Learn to Build Software that is Secure by Default with Chainguard Academy
News
Products

Chainguard Images

Chainguard Enforce

Chainguard Services

Developer

Open source

Docs

Resources

Unchained blog

Customer stories

Security

Education

Company

About

Careers

Legal

Contact

Follow

Twitter

GitHub

LinkedIn

TikTok

© 2023 Chainguard, Inc.

Contact