UNCHAINED

A curated collection of writings, research, and solutions

Read the latest software supply chain and open source security updates from our experts.

Categories
Product
The haunting of CVE-2023-2454: A developer's nightmare
John Speed Meyers, Principal Research Scientist
October 3, 2023
Open Source
Small octopus and a big idea: The story of how a one-year old Linux un-distro is improving the cloud’s software supply chain
Team Wolfi
September 27, 2023
Product
Chainguard’s response to CVE-2023-4527 in glibc
Dan Luhring, Staff Software Engineer
September 25, 2023
News
A growing ecosystem of vulnerability scanners that now support Chainguard Images and Wolfi
Kim Lewandowski, Chief Product Officer
September 20, 2023
Open Source
How to use Dockerfiles with wolfi-base images
Adrian Mouat, Staff DevRel Engineer
September 14, 2023
Product
An update on Chainguard Images FIPS Validation
Adam Dawson, Product Manager, Chainguard Images
September 13, 2023
Open Source
Working with government and industry to put open source security tooling into practice
John Speed Meyers, Principal Research Scientist and Adolfo García Veytia, Staff Software Engineer
September 12, 2023
Research
Stemming the tide of false positive vulnerabilities
Trevor Dunlap, NCSU and Chainguard Intern, Zack Newman, Principal Research Scientist
September 11, 2023
Product
Announcing a Chainguard Image for OpenTF
Dan Lorenc, CEO
September 6, 2023
Product
Update for Chainguard Images Users on HashiCorp License Changes
Kim Lewandowski, Chief Product Officer
September 1, 2023
Making Vulnerability Data Better for Machines (and Humans!) with OpenVEX: How Isovalent and Chainguard Use OpenVEX
Feroz Salam, Adolfo Veytia and John Speed Meyers
August 31, 2023
Product
Announcing General Availability for Chainguard Enforce for GitHub
Billy Lynch
August 29, 2023
Product
Securing the ML supply chain with new Chainguard AI Images
Dan Lorenc, CEO
August 23, 2023
Product
When a picture is worth 306 CVEs: New image vulnerability comparisons in Chainguard Academy
Jamon Camisso, Developer Experience Engineer
August 23, 2023
Product
Exploring new capabilities in the Chainguard Registry to enable secure and efficient container image management
Kim Lewandowski, Chief Product Officer
August 23, 2023
Product
Chainguard Image now available for Zig
Dan Lorenc, CEO
August 18, 2023
Product
Important updates for Chainguard Images public catalog users
Kim Lewandowski, Chief Product Officer
August 15, 2023
Engineering
Fully bootstrapping Go from source in Wolfi
Ariadne Conill, Principal Software Engineer
August 11, 2023
Security
What every CISO should know About the new SSDF security self-attestation form
Dan Lorenc, CEO; Christian Baer, Senior Associate and Sully Perella, Technical Director at Schellman
August 8, 2023
News
Get in Chainguard, we’re going to fabulous Las Vegas!
Kaylin Trychon, VP of Marketing and External Affairs
August 4, 2023
The Zero CVE Challenge: Can official Docker Hub images pass the test?
Trevor Dunlap, Research Intern
August 2, 2023
Open Source
Can Protobom end the SBOM format wars?
Adolfo García Veytia, Staff OSS Engineer and John Speed Meyers, Principal Research Scientist
July 31, 2023
Open Source
wolfi-act: Dynamic GitHub Actions from Wolfi packages
Josh Dolistky, Staff Software Engineer
July 28, 2023
Security
Fuzzy CVEs, tarfiles, and untrusted input
Dan Lorenc, CEO
July 27, 2023
News
Elastic partners with Chainguard on Software Supply Chain security and SLSA assessment
Paul McCann, Principal Product Security Engineer at Elastic and Lewis Denham-Parry, Solutions Architect
July 26, 2023
Engineering
Good MLOps is good ML supply chain security
Zachary Newman, Principal Research Scientist and Savin Goyal, CTO at Outerbounds
July 25, 2023
Product
How Chainguard utilizes software signatures for supply chain security
Priya Wadhwa, Engineering Manager
July 19, 2023
Product
Introducing new SBOM features in Chainguard Enforce
Narayan Iyengar, Product Manager
July 19, 2023
Product
Introducing automatic vulnerability analysis features in Chainguard Enforce
Priya Wadhwa, Engineering Manager
July 19, 2023
Product
Chainguard announces availability of new SBOM, vulnerability analysis and software signing capabilities in Enforce
Kim Lewandowski, Chief Product Officer
July 18, 2023
News
Chainguard named to inaugural Redpoint InfraRed 100
Kaylin Trychon, VP of Marketing and Communications
July 17, 2023
Product
How Chainguard fixes vulnerabilities before they're detected
Jason Hall, Software Engineer
July 14, 2023
Engineering
OCI announces upcoming changes for registries
Josh Dolitsky, Staff Software Engineer
July 13, 2023
News
Advancing the use of memory safe programming languages
Kaylin Trychon, VP of Marking and Communications
July 12, 2023
News
Cleared for takeoff: Meeting TSA’s new cybersecurity requirements
Kaylin Trychon, VP of Marketing and Communications
July 10, 2023
Engineering
So you want to check image signatures in Kubernetes…?
Dan Lorenc, CEO
July 6, 2023
Product
Reproducing Chainguard’s reproducible image builds
Matt Moore, CTO
July 5, 2023
News
Strengthening CI/CD Environments: Insights from NSA and DHS CISA guidance
Dan Lorenc, CEO
June 30, 2023
Product
Chainguard Image now available for Pulumi
Josh Dolitsky, Staff Software Engineer
June 29, 2023
Product
A guide on how to use Chainguard Images for public catalog tier users
Adrian Mouat, Staff OSS Engineer
June 23, 2023
News
An enhanced Chainguard Academy learning experience
Lisa Tagliaferri, Senior Director of Developer Education
June 21, 2023
Engineering
The principle of minimalism
Jed Salazar, Solutions Architect and Matt Moore, CTO
June 21, 2023
Research
Ship software to Uncle Sam faster with zero-known vulnerability containers
John Speed Meyers, Principal Research Scientist
June 20, 2023
News
Government perspectives on software self-attestation requirements
Chainguard Team
June 15, 2023
News
The importance of toolchain security in NIST's SSDF
Dan Lorenc, CEO
June 12, 2023
Engineering
Designing build date epoch in Chainguard Images
Matt Moore, CTO
June 8, 2023
News
Celebrating 5 years of NTIA’s SBOM work
Dan Lorenc, CEO
June 7, 2023
Come see Chainguard (virtually) at Cloudsmith Unpacked on June 20!
Kim Lewandowski, Chief Product Officer
June 6, 2023
Engineering
Fully bootstrapping Java from source in Wolfi
Ariadne Conill, Principal Software Engineer and Josh Wolf, Software Engineer
June 2, 2023
Research
Introducing "Speranza": Enhancing software signing with privacy and usability
Zachary Newman, Principal Research Scientist
May 30, 2023
Product
Fortify, comply and conquer FedRAMP with Chainguard Images
Dan Lorenc, CEO
May 25, 2023
Engineering
Building Chainguard's container image registry
Jason Hall, Software Engineer
May 23, 2023
Open Source
OSS security: Chainguard May 2023 update
Tracy Miranda, Head of Open Source
May 22, 2023
Product
Policy rollback and auditing with versions in Chainguard Enforce
Colin Douglas, Software Engineer and Katy Howard, Software Engineer
May 19, 2023
Product
Scaling Chainguard Images with a growing catalog and proactive security updates
Kim Lewandowski, Chief Product Officer
May 17, 2023
Product
Enhancing enterprise reliability features for Chainguard Enforce customers
Adam Dawson, Product Manager and Narayan Iyengar, Product Manager
May 11, 2023
Security
How to explain the CISA software attestation requirements to your board
Dan Lorenc, CEO
May 5, 2023
Open Source
Meet Chainguard at Open Source Summit North America 2023 [May 10 – 12 in Vancouver]!
Tracy Miranda, Head of Open Source
May 4, 2023
Research
Enforce against vulnerability sprawl with up-to-date images
John Speed Meyers, Principal Research Scientist
May 3, 2023
News
Chainguard joins DHS S&T new startup cohort to strengthen software supply chain
Dan Lorenc, CEO
April 27, 2023
Engineering
Move over, Dockerfiles! The new way to craft containers
Jason Hall, Software Engineer and Zachary Newman, Principal Research Scientist
April 27, 2023
Open Source
Open source software takes center stage at RSA
Dan Lorenc, CEO
April 24, 2023
Open Source
npm + Sigstore: Making Javascript secure by default
Tracy Miranda, Head of Open Source
April 19, 2023
News
Chainguard and CNCF conduct SLSA assessments for Argo and Prometheus projects
James Petersen, Solutions Architect
April 18, 2023
Open Source
Chainguard open sources new policy catalog for Sigstore policy-controller
Erin Glass, Product Manager and Ville Aikas, Distinguished Engineer
April 18, 2023
News
Chainguard Images now available to government agencies on U.S. Air Force Platform One
Dan Lorenc, CEO
April 17, 2023
Product
Chainguard Image now available for prometheus
Dan Lorenc, CEO
April 14, 2023
News
Join Chainguard at KubeCon EU in Amsterdam April 19-21!
Sarah O'Rourke, Communications Director
April 13, 2023
Product
It all started with a commit: Celebrating 6 years of Distroless
Dan Lorenc, CEO and Matt Moore, CTO
April 12, 2023
Product
Tired of searching through your scan results? Try the Chainguard OpenSearch Image
Dan Lorenc, CEO
April 7, 2023
Product
The role of attestations in a secure software supply chain
Zachary Newman, Principal Research Scientist
April 4, 2023
Open Source
ICYMI: What's new in Chainguard Academy
Lisa Tagliaferri, Director of Developer Education
April 3, 2023
News
GitCommitted with your dream base image
Kirby Koo, Social and Community Relations
April 1, 2023
Engineering
Are Kubernetes Validating Admission Policies the end of admission controllers?
Ville Aikas, Distinguished Engineer and Zachary Newman, Principal Research Scientist
March 31, 2023
Open Source
New Chainguard Academy tutorial: Cosign the manual way
Eddie Zaneski, Staff OSS Engineer
March 29, 2023
Open Source
Sigstore policy-controller 101
Erin Glass, Product Manager and Ville Aikas, Distinguished Engineer
March 29, 2023
Product
Chainguard Image now available for NATS
Dan Lorenc, CEO
March 27, 2023
Open Source
Chainguard contributes Rekor Search project to Sigstore
Priya Wadhwa, Engineering Manager
March 23, 2023
Product
5 capabilities in Chainguard Enforce you don’t want to miss (your security team will LOVE #4)
Adam Dawson, Product Manager
March 22, 2023
Open Source
OSS Security: Chainguard Spring 2023 update
Tracy Miranda, Head of Open Source
March 22, 2023
Product
Chainguard Image now available for Apache Zookeeper
Dan Lorenc, CEO
March 20, 2023
Product
Using Chainguard Enforce to prepare for the Kubernetes registry deprecation
Adam Dawson, Product Manager and Ville Aikas, Distinguished Engineer
March 16, 2023
Research
New SLSA++ Survey reveals real-world developer approaches to software supply chain security
David A. Wheeler, The Linux Foundation; John Speed Meyers, Chainguard; Mikaël Barbero, Eclipse Foundation; and Rebecca Rumbul, Rust Foundation
March 13, 2023
Engineering
What the fuzz? Better coding through randomized testing
Zachary Newman, Principal Research Scientist
March 13, 2023
Security
What the fork? Imposter commits in GitHub Actions and CI/CD
Billy Lynch, Staff Software Engineer
March 7, 2023
Product
Chainguard Image now available for Postgres
Dan Lorenc, CEO
March 6, 2023
News
Charting a secure by default future
Dan Lorenc, CEO
March 2, 2023
Engineering
apko: a year later
Ariadne Conill, Principal Software Engineer
February 28, 2023
Research
Chainguard conducts SLSA software supply chain security audit of open source project Git
Adolfo García Veytia, Staff OSS Engineer and John Speed Meyers, Principal Research Scientist
February 27, 2023
Product
Announcing Chainguard Enforce discovery and expanded runtime support
Adam Dawson, Product Manager and Mark Drake, Technical Writer
February 27, 2023
Product
Hopping into spring with Chainguard’s RabbitMQ Image
Dan Lorenc, CEO
February 24, 2023
Product
SBOMs in a multi-architecture world
Adolfo García Veytia, Staff OSS Engineer and Matt Moore, CTO
February 22, 2023
Engineering
Building towards OCI v1.1 support in cosign
Josh Dolitsky, Software Engineer
February 16, 2023
News
Chainguard named an IDC Innovator for open source software supply chain security
Dan Lorenc, CEO
February 15, 2023
Research
A purl of wisdom on SBOMs and vulnerabilities
John Speed Meyers, Principal Research Scientist
February 14, 2023
Product
Chainguard Image now available for HAProxy
Adrian Mouat, Staff OSS Engineer
February 9, 2023
Engineering
Not all that’s signed is secure: Verify the right way with TUF and Sigstore
Zachary Newman, Principal Research Scientist and Marina Moore (NYU)
February 8, 2023
Product
Chainguard Image now available for Kubectl
Adrian Mouat, Staff OSS Engineer
February 7, 2023
Product
How to sign private artifacts securely with Chainguard's Timestamp Authority
Hector Fernandez, Staff Software Engineer
February 2, 2023
News
Chainguard & BoxBoat, an IBM company, announce strategic partnership to tackle software supply chain security
Kaylin Trychon, VP of Marketing and Communications
January 30, 2023