UNCHAINED

A curated collection of writings, research, and solutions

Read the latest software supply chain and open source security updates from our experts.

Research
Introducing "Speranza": Enhancing Software Signing with Privacy and Usability
Zachary Newman, Principal Research Scientist
May 30, 2023
Product
Fortify, Comply and Conquer FedRAMP with Chainguard Images
Dan Lorenc
May 25, 2023
Engineering
Building Chainguard's Container Image Registry
Jason Hall, Software Engineer
May 23, 2023
Open Source
OSS Security: Chainguard May 2023 Update
Tracy Miranda
May 22, 2023
Product
Policy Rollback and Auditing with Versions in Chainguard Enforce
Colin Douglas and Katy Howard
May 19, 2023
Product
Scaling Chainguard Images with a growing catalog and proactive security updates
Kim Lewandowski
May 18, 2023
Product
Enhancing Enterprise Reliability Features for Chainguard Enforce Customers
Adam Dawson and Narayan Iyengar
May 11, 2023
Security
How to Explain the CISA Software Attestation Requirements to Your Board
Dan Lorenc
May 5, 2023
Open Source
Meet Chainguard at Open Source Summit North America 2023 [May 10 – 12 in Vancouver]!
Tracy Miranda
May 5, 2023
Research
Enforce Against Vulnerability Sprawl with Up-to-Date Images
John Speed Meyers
May 3, 2023
News
Chainguard joins DHS S&T new startup cohort to strengthen software supply chain
Dan Lorenc
April 27, 2023
Engineering
Move Over, Dockerfiles! The New Way to Craft Containers
Jason Hall and Zachary Newman
April 27, 2023
Open Source
Open Source Software Takes Center Stage at RSA
Dan Lorenc
April 24, 2023
Open Source
npm + Sigstore: Making Javascript secure by default
Tracy Miranda
April 19, 2023
News
Chainguard and CNCF Conduct SLSA Assessments for Argo and Prometheus Projects
James Petersen
April 19, 2023
Open Source
Chainguard open sources new policy catalog for Sigstore policy-controller
Erin Glass and Ville Aikas
April 18, 2023
News
Chainguard Images Now Available to Government Agencies on U.S. Air Force Platform One
Dan Lorenc
April 17, 2023
Product
Chainguard Image Now Available for Prometheus
Dan Lorenc
April 14, 2023
News
Join Chainguard at KubeCon EU in Amsterdam April 19-21!
Sarah O'Rourke
April 13, 2023
Product
It all started with a commit: Celebrating 6 years of Distroless
Dan Lorenc and Matt Moore
April 12, 2023
Product
Tired of Searching Through Your Scan Results? Try the Chainguard OpenSearch Image
Dan Lorenc
April 7, 2023
Product
The role of attestations in a secure software supply chain
Zachary Newman
April 4, 2023
Open Source
ICYMI: What's new in Chainguard Academy
Lisa Tagliaferri
April 3, 2023
News
GitCommitted with Your Dream Base Image
Kirby Koo
April 1, 2023
Engineering
Are Kubernetes Validating Admission Policies the end of admission controllers?
Ville Aikas and Zachary Newman
March 31, 2023
Open Source
New Chainguard Academy tutorial: Cosign the Manual Way
Eddie Zaneski
March 30, 2023
Open Source
Sigstore policy-controller 101
Ville Aikas and Erin Glass
March 29, 2023
Product
Chainguard Image Now Available for NATS
Dan Lorenc
March 27, 2023
Open Source
Chainguard contributes Rekor Search Project to Sigstore
Priya Wadhwa
March 23, 2023
Product
5 Capabilities in Chainguard Enforce You Don’t Want to Miss (Your Security Team Will LOVE #4)
Adam Dawson
March 23, 2023
Open Source
OSS Security - Chainguard Spring 2023 Update
Tracy Miranda
March 22, 2023
Product
Chainguard Image Now Available for Apache Zookeeper
Dan Lorenc
March 20, 2023
Product
Using Chainguard Enforce to prepare for the Kubernetes registry deprecation
Adam Dawson and Ville Aikas
March 16, 2023
Research
New SLSA++ Survey Reveals Real-World Developer Approaches to Software Supply Chain Security
David A. Wheeler, The Linux Foundation; John Speed Meyers, Chainguard; Mikaël Barbero, Eclipse Foundation; and Rebecca Rumbul, Rust Foundation
March 13, 2023
Engineering
What the Fuzz? Better Coding through Randomized Testing
Zachary Newman
March 13, 2023
Security
What the fork: Imposter Commits in GitHub Actions and CI/CD
Billy Lynch
March 8, 2023
Product
Chainguard Image Now Available for Postgres
Dan Lorenc
March 6, 2023
News
Charting a secure by default future
Dan Lorenc
March 2, 2023
Engineering
apko: a year later
Ariadne Conill
February 28, 2023
Research
Chainguard Conducts SLSA Software Supply Chain Security Audit of Open Source Project Git
Adolfo García Veytia and John Speed Meyers
February 27, 2023
Product
Announcing Chainguard Enforce Discovery and Expanded Runtime Support
Adam Dawson and Mark Drake
February 27, 2023
Product
Hopping Into Spring With Chainguard’s RabbitMQ Image
Dan Lorenc
February 24, 2023
Product
SBOMs in a multi-architecture world
Matt Moore and Adolfo García Veytia
February 22, 2023
Engineering
Building towards OCI v1.1 support in cosign
Josh Dolitsky
February 17, 2023
News
Chainguard Named an IDC Innovator for Open Source Software Supply Chain Security
Dan Lorenc
February 15, 2023
A purl of Wisdom on SBOMs and Vulnerabilities
John Speed Meyers
February 14, 2023
Product
Chainguard Image Now Available for HAProxy
Adrian Mouat
February 9, 2023
Engineering
Not All That’s Signed Is Secure: Verify the Right Way with TUF and Sigstore
Zachary Newman and Marina Moore (NYU)
February 8, 2023
Product
Chainguard Image Now Available for Kubectl
Adrian Mouat
February 7, 2023
Product
How to Sign Private Artifacts Securely with Chainguard's Timestamp Authority
Hector Fernandez
February 2, 2023
News
Chainguard & BoxBoat, an IBM company, Announce Strategic Partnership to Tackle Software Supply Chain Security
Kaylin Trychon
January 30, 2023
Open Source
Chainguard to Accelerate VEX Adoption through OpenVEX Specification
Dan Lorenc
January 30, 2023
Product
Four New Ways to Protect Your Supply Chain With Chainguard Enforce
Adam Dawson
January 30, 2023
News
Come see us at CloudNativeSecurityCon in Seattle Feb 1-2!
Sarah O'Rourke
January 27, 2023
Make SBOMs, not GuessBOMs: Why we need to shift left on SBOM generation
Tracy Miranda
January 25, 2023
Product
Go 1.20 is coming, and it brings even more security by default
Adrian Mouat
January 23, 2023
Engineering
GitHub Container Registry private repos sometimes… weren’t
Jason Hall
January 23, 2023
News
Building the first memory safe distro
Dan Lorenc and Ariadne Conill
January 23, 2023
Open Source
Understanding the relationship between FOSS and the “software supply chain”
Ariadne Conill
January 20, 2023
Product
Chainguard Image Now Available for Python 3.11
Dan Lorenc
January 19, 2023
Research
Are SBOMs Good Enough for Government Work?
John Speed Meyers
January 18, 2023
Security
Understanding The Promise of VEX
Kaylin Trychon
January 18, 2023
Product
Chainguard Image Now Available for Bazel
Dan Lorenc
January 17, 2023
Engineering
Conquer your Build Horizon with Chainguard Enforce in 2023
Matt Moore
January 13, 2023
Product
Open Policy Agent Uses Chainguard Images to Safeguard from OpenSSL Vulnerabilities
Adrian Mouat
January 11, 2023
Engineering
Building Wolfi from the ground up… and announcing arm64 support!
Jason Hall
January 10, 2023
Product
Benefits of Keyless Software Signing
Kaylin Trychon
January 6, 2023
Product
Chainguard Image Now Available for Redis
Dan Lorenc
January 4, 2023
Open Source
Highlights from OpenSSF’s 2022 Annual Report
Kaylin Trychon
December 30, 2022
Product
Chainguard Image Now Available for Ruby 3.2
Dan Lorenc
December 29, 2022
Engineering
Building Images for the Secure Supply Chain
Adrian Mouat
December 27, 2022
News
Introducing Chainguard Labs: An Update on an Open, Living Software Supply Chain Compromises Dataset and new SBOM research efforts
John Speed Meyers and Zack Newman
December 20, 2022
Research
Are SBOMs Any Good? Preliminary Measurement of the Quality of Open Source Project SBOMs
John Speed Meyers
December 20, 2022
Product
Getting started with Rego policies in Chainguard Enforce
Adam Dawson
December 20, 2022
News
Our 2023 Technology Trends & Predictions for Software Security
Chainguard Team
December 15, 2022
Open Source
The Archiving of the Gorilla Web Toolkit: A Tale of Two Software Security Risks
Dan Luhring and Eddie Zaneski
December 13, 2022
Product
ICYMI: Our Chainsmas Spaces Recap
December 9, 2022
Product
Chainguard Enforce Announces New Software Signing Capability, Enterprise Supply Chain Security Updates
Adam Dawson and Priya Wadhwa
December 7, 2022
Software Supply Chain Security: Broader Than SolarWinds and Log4J
Dan Lorenc
December 7, 2022
Security
Principles for Secure Software Distribution: Lessons from Leaked Android Platform Signing Keys
Zack Newman
December 2, 2022
Securing the Machine Learning Supply Chain
Zack Newman
November 30, 2022
News
Chainguard Enforce is now available on AWS Marketplace
Adam Dawson
November 27, 2022
Engineering
Reflections on Trusting VEX (or when humans can improve SBOMs)
Adolfo García Veytia
November 23, 2022
Open Source
7 Reasons You Should Plan to Adopt Sigstore in 2023
Tracy Miranda
November 17, 2022
Research
Software Dark Matter is the Enemy of Software Transparency
John Speed Meyers, Adolfo Veytia, Dan Luhring, Zack Newman, and Santiago Torres-Arias
November 9, 2022
News
Mitigating OpenSSL Vulnerability with Chainguard
Dan Lorenc
November 1, 2022
Open Source
Life of a Sigstore Signature
Zack Newman and Jed Salazar
October 25, 2022
News
Chainguard at KubeCon North America: October 24-28!
Team Chainguard
October 20, 2022
Engineering
Is CVE-2022-42889 the next Log4Shell? Not really.
Ariadne Conill
October 20, 2022
Product
New Apache Commons Text CVE Feels like Déjà Vu All Over Again
Dan Lorenc
October 19, 2022
Open Source
Chainguard enthusiastically supports donating ko to CNCF
Jason Hall
October 18, 2022
News
Sigstore is now Generally Available
Priya Wadhwa
October 18, 2022
Engineering
Breaking down PCI Guidance for Containers and Container Orchestration Tools
Adam Dawson
October 14, 2022
Research
Hunting Malware on Package Repositories
Ly D. Vu, Zack Newman, and John Speed Meyers
October 13, 2022
Research
What’s in the CNSA Suite, and who should care?
Zack Newman
October 5, 2022
Security
Putting VEX To Work
Adolfo García Veytia
October 3, 2022
News
What’s Software Supply Chain Security Got To Do With The State of DevOps Report? A Lot.
John Speed Meyers, Todd Kulesza
September 28, 2022
Engineering
What's new in SPDX 2.3?
Adolfo García Veytia
September 26, 2022
News
Chainguard Enforce Is Now Generally Available
Kim Lewandowski
September 21, 2022
News
Learn to Build Software that is Secure by Default with Chainguard Academy
Lisa Tagliaferri
September 21, 2022