UNCHAINED

A curated collection of writings, research, and solutions

Read the latest software supply chain and open source security updates from our experts.

Engineering
The end of GitHub PATs: You can’t leak what you don’t have
Matt Moore, CTO and Co-founder
April 11, 2024
News
A more secure (and smaller) Big Bang
Dan Lorenc, CEO and Co-founder and Josh Wolf(i), Staff Software Engineer
April 9, 2024
Product
New Chainguard Images in March 2024: Your safe source for open source
Jordi Mon Companys, Senior Product Marketing Manager
April 4, 2024
Security
The story of the most vulnerable Chainguard Image
Jason Hall, Serious Principal Software Engineer
April 1, 2024
Engineering
Subtraction by addition: Leaner images, safer code
Jason Hall, Principal Software Engineer
March 29, 2024
Security
Chainguard’s response to CVE-2024-3094, aka the backdoor in xz library
Philippe Deslauriers, Chief of Staff, Engineering
March 29, 2024
Research
Why end-of-life software means 400+ CVEs per year
Trevor Dunlap, Principal Researcher
March 28, 2024
Product
Chainguard patches 3 “silent” Golang CVEs in under 24 hours
Jordi Mon Companys, Senior Product Marketing Manager
March 21, 2024
News
Chainguard Images now available on Docker Hub
Dan Lorenc, CEO and Co-founder, Chainguard
March 14, 2024
Product
GitGuardian pioneers secure code solutions down to its source with Chainguard Images
Ty McCloskey, Sr. Content Specialist
March 13, 2024
News
Check out Chainguard at KubeCon in Paris on March 19–22!
Ty McCloskey, Sr. Content Specialist
March 12, 2024
Security
New Chainguard Images for Selenium, Gotenberg and more
Jordi Mon Companys, Senior Product Marketing Manager
March 11, 2024
Product
Unlocking Chainguard’s container security solutions
Ty McCloskey, Sr. Content Specialist
March 5, 2024
Engineering
Building minimal and low CVE images for compiled languages
Adrian Mouat, Staff DevRel Engineer
February 27, 2024
Research
Get 'em while they're hot! How and why Wolfi releases are so fast
James Rawlings, Staff Software Engineer; John Speed Meyers, Manager, DevRel & Labs; and Adrian Mouat, Staff DevRel Engineer
February 22, 2024
Engineering
Reimagining the Linux distro with Wolfi
Adrian Mouat, Staff DevRel Engineer
February 21, 2024
Security
Continuous hardening of Chainguard’s internal software supply chain
Jed Salazar, Security Engineer
February 21, 2024
Security
Unpacking libuv’s CVE-2024-24806: software dark matter will go under the radar (not in Chainguard Images, tho)
Jordi Mon Companys, Senior Product Marketing Manager
February 16, 2024
Security
Streamline your FedRAMP certification with this container security checklist
Ty McCloskey, Sr. Content Specialist
February 15, 2024
Security
New Chainguard Academy course: Painless Vulnerability Management
Erin Glass, Senior Product Manager
February 14, 2024
Product
Revolutionizing container security and CVE management
Jamon Camisso, Staff Developer Experience Engineer
February 8, 2024
Research
Why your company is wasting thousands of hours on software vulnerabilities
John Speed Meyers, Principal Research Scientist, and Garry Ing, Product Designer
February 6, 2024
Security
Chainguard’s response to CVE-2023-6246 in glibc
Jordi Mon Companys, Senior Product Marketing Manager
February 1, 2024
Security
How Chainguard protects against “Leaky Vessel” container escape vulnerabilities
Dan Luhring, Staff Software Engineer
February 1, 2024
News
Chainguard Terraform Provider is now available
Colin Douglas, Senior Software Engineer
January 31, 2024
Product
Diff API: Your new ally in navigating Chainguard Image daily rebuilds
Adam Dawson, Principal Product Manager
January 31, 2024
Security
Why images with zero-known CVEs are worth it
Adrian Mouat, Staff DevRel Engineer
January 26, 2024
Product
Our approach to continuous documentation for Chainguard Images
Erika Heidi, Developer Experience Engineer
January 24, 2024
Product
Images as Code: The pursuit of declarative image builds
Matt Moore, CTO
January 22, 2024
Open Source
Wolfi: a new paradigm in Linux for containers
Erika Heidi, Developer Experience Engineer
January 17, 2024
Open Source
Kubeburned out? Navigating the world of Kubernetes without losing your spark
Carlos Panato, Staff Software Engineer and Sascha Grunert, Senior Software Engineer, Red Hat
January 10, 2024
Security
Strengthening your software supply chain security
Adrian Mouat, Staff DevRel Engineer
January 8, 2024
Security
An easier road to SOC 2 begins with the right approach — and the right technology
Thomas Strömberg, Director of Security
January 4, 2024
Security
Cybersecurity hygiene in co-working spaces: A practical guide
Lewis Denham-Parry, Senior Solutions Architect
January 2, 2024
Product
Software development security redefined: Sourcegraph’s story
Ty McCloskey, Sr. Content Specialist
December 20, 2023
Product
Securing cloud native’s most important use cases
Jordi Mon Companys, Product Marketing Manager and Nghia Tran, Senior Engineering Manager
December 19, 2023
Engineering
Keep your Chainguard Images up to date with digestabot
Erin Glass, Senior Product Manager & Carlos Panato, Staff Software Engineer
December 18, 2023
Product
Building minimal, up-to-date cloud images with Wolfi
James Rawlings, Staff Software Engineer
December 15, 2023
Product
New year, new image: Introducing the Chainguard Images Directory
Adam Dawson, Principal Product Manager
December 13, 2023
News
Chainguard Images now available on Magalu Cloud container registry
Dustin Kirkland, VP of Engineering
December 12, 2023
News
New Images guides on Chainguard Academy!
Mark Drake, Staff Technical Writer
December 5, 2023
News
AWS Inspector Adds Support for Chainguard Images
Kaylin Trychon, Vice President of Marketing
November 30, 2023
Product
Into the deep: Exploring Chainguard Container Images
Matt Moore, CTO
November 29, 2023
Product
The incremental path to container images: Chainguard Images
Matt Moore, CTO
November 28, 2023
News
Top 5 takeaways from KubeCon NA 2023: SSCS, Wolfi and more
Ville Aikas, Co-founder & Distinguished Engineer
November 21, 2023
Research
Can debloated containers pass the zero CVE test?
Paul Gibert, Chainguard Visiting Researcher
November 20, 2023
Engineering
Chainguard's image tagging philosophy: enabling high velocity updates (pt. 3 of 3)
Jason Hall, Staff Software Engineer
November 17, 2023
Engineering
Chainguard's image tagging philosophy: enabling high velocity updates (pt. 2 of 3)
Jason Hall, Staff Software Engineer
November 15, 2023
Product
Chainguard announces new Sigstore Images to bring critical software supply chain tooling to enterprises
Kaylin Trychon, Vice President of Marketing
November 14, 2023
Engineering
Chainguard's image tagging philosophy: enabling high velocity updates (pt. 1 of 3)
Jason Hall, Staff Software Engineer
November 13, 2023
News
New report shows disconnect between developers and security teams on software supply chain security priorities and responsibilities
Chainguard
November 8, 2023
Product
Celebrating innovation in open source software and container image security with Chainguard Images
Kim Lewandowski, Chief Product Officer
November 1, 2023
News
Chainguard raises $61 million series B round as enterprises move to fortify open source software
Chainguard
November 1, 2023
Product
The phantom menace of CVE-2019-3826: Unmasking the false positive
John Speed Meyers, Principal Research Scientist
October 31, 2023
Open Source
Unlocking efficiency and security on GitLab: On-demand images with 0-CVE packages powered by Wolfi
Batuhan Apaydin and Furkan Türkal
October 30, 2023
Product
The haunting silence of CVE-Unknown: Unveiling the secrets of silent fixes
John Speed Meyers, Principal Research Scientist
October 25, 2023
Product
Announcing Bazel rules for extending Chainguard Images
Adam Dawson, Principal Product Manager at Chainguard and Alex Eagle, Aspect
October 24, 2023
Open Source
VEXed? Then Grype about it: Chainguard and Anchore announce Grype supports OpenVEX
Adolfo Veytia, Alex Goodman, Dan Luhring, and John Speed Meyers
October 23, 2023
News
Check out Chainguard at KubeCon NA in Chicago on November 6-9!
Will Dolinsky, Content Marketing Specialist
October 20, 2023
Product
The unmasking of the Phantom's Masquerade: When junk CVEs reveal their true nature
John Speed Meyers, Principal Research Scientist
October 17, 2023
Product
Introducing Chainguard Images for Node.js LTS 20, Python 3.12 and OpenJDK/JRE 21
Adam Dawson, Principal Product Manager
October 11, 2023
Product
Chainguard’s response to CVE-2023-38545 and CVE-2023-38546 in curl
Dan Luhring, Staff Software Engineer
October 11, 2023
Product
The haunting of CVE-2022-3474: A ghostly tale of package detection failure
John Speed Meyers, Principal Research Scientist
October 10, 2023
Security
Why Chainguard uses Grype as its first line of defense for CVEs
Dan Luhring, Staff Software Engineer
October 6, 2023
Security
Understanding attacker techniques in distroless containers
Adrian Mouat, Staff DevRel Engineer
October 5, 2023
Product
The haunting of CVE-2023-2454: A developer's nightmare
John Speed Meyers, Principal Research Scientist
October 3, 2023
Open Source
Small octopus and a big idea: The story of how a one-year old Linux un-distro is improving the cloud’s software supply chain
Team Wolfi
September 27, 2023
Product
Chainguard’s response to CVE-2023-4527 in glibc
Dan Luhring, Staff Software Engineer
September 25, 2023
News
A growing ecosystem of vulnerability scanners that now support Chainguard Images and Wolfi
Kim Lewandowski, Chief Product Officer
September 21, 2023
Open Source
How to use Dockerfiles with wolfi-base images
Adrian Mouat, Staff DevRel Engineer
September 14, 2023
Product
An update on Chainguard Images FIPS Validation
Adam Dawson, Product Manager, Chainguard Images
September 13, 2023
Open Source
Working with government and industry to put open source security tooling into practice
John Speed Meyers, Principal Research Scientist and Adolfo García Veytia, Staff Software Engineer
September 12, 2023
Research
Stemming the tide of false positive vulnerabilities
Trevor Dunlap, NCSU and Chainguard Intern, Zack Newman, Principal Research Scientist
September 11, 2023
Product
Announcing a Chainguard Image for OpenTF
Dan Lorenc, CEO
September 6, 2023
Product
Update for Chainguard Images users on HashiCorp license changes
Kim Lewandowski, Chief Product Officer
September 1, 2023
Research
Making vulnerability data better for machines (and humans!) with OpenVEX: How Isovalent and Chainguard use OpenVEX
Feroz Salam, Isovalent and Adolfo García Veytia and John Speed Meyers, Chainguard
August 31, 2023
Product
Announcing general availability for Chainguard Enforce for GitHub
Billy Lynch
August 29, 2023
Product
Securing the ML supply chain with new Chainguard AI Images
Dan Lorenc, CEO
August 24, 2023
Product
When a picture is worth 306 CVEs: New image vulnerability comparisons in Chainguard Academy
Jamon Camisso, Developer Experience Engineer
August 23, 2023
Product
Exploring new capabilities in the Chainguard Registry to enable secure and efficient container image management
Kim Lewandowski, Chief Product Officer
August 22, 2023
Product
Chainguard Image now available for Zig
Dan Lorenc, CEO
August 18, 2023
Product
Important updates for Chainguard Images public catalog users
Kim Lewandowski, Chief Product Officer
August 16, 2023
Engineering
Fully bootstrapping Go from source in Wolfi
Ariadne Conill, Principal Software Engineer
August 11, 2023
Security
What every CISO should know about the new SSDF security self-attestation form
Dan Lorenc, CEO; Christian Baer, Senior Associate and Sully Perella, Technical Director at Schellman
August 8, 2023
News
Get in Chainguard, we’re going to fabulous Las Vegas!
Kaylin Trychon, VP of Marketing and External Affairs
August 4, 2023
The zero CVE challenge: Can official Docker Hub images pass the test?
Trevor Dunlap, Research Intern
August 3, 2023
Open Source
Can Protobom end the SBOM format wars?
Adolfo García Veytia, Staff OSS Engineer and John Speed Meyers, Principal Research Scientist
July 31, 2023
Open Source
wolfi-act: Dynamic GitHub Actions from Wolfi packages
Josh Dolitsky, Staff Software Engineer
July 28, 2023
Security
Fuzzy CVEs, tarfiles, and untrusted input
Dan Lorenc, CEO
July 27, 2023
News
Elastic partners with Chainguard on Software Supply Chain security and SLSA assessment
Paul McCann, Principal Product Security Engineer at Elastic and Lewis Denham-Parry, Solutions Architect
July 26, 2023
Engineering
Good MLOps is good ML supply chain security
Zachary Newman, Principal Research Scientist and Savin Goyal, CTO at Outerbounds
July 25, 2023
Product
Chainguard announces availability of new SBOM, vulnerability analysis and software signing capabilities in Enforce
Kim Lewandowski, Chief Product Officer
July 19, 2023
Product
Introducing automatic vulnerability analysis features in Chainguard Enforce
Priya Wadhwa, Engineering Manager
July 19, 2023
Product
Introducing new SBOM features in Chainguard Enforce
Narayan Iyengar, Product Manager
July 19, 2023
Product
How Chainguard utilizes software signatures for supply chain security
Priya Wadhwa, Engineering Manager
July 19, 2023
News
Chainguard named to inaugural Redpoint InfraRed 100
Kaylin Trychon, VP of Marketing and Communications
July 17, 2023
Product
How Chainguard fixes vulnerabilities before they're detected
Jason Hall, Software Engineer
July 14, 2023
Engineering
OCI announces upcoming changes for registries
Josh Dolitsky, Staff Software Engineer
July 13, 2023
News
Advancing the use of memory safe programming languages
Kaylin Trychon, VP of Marketing and Communications
July 12, 2023
News
Cleared for takeoff: Meeting TSA’s new cybersecurity requirements
Kaylin Trychon, VP of Marketing and Communications
July 10, 2023
Engineering
So you want to check image signatures in Kubernetes…?
Dan Lorenc, CEO
July 6, 2023
Product
Reproducing Chainguard’s reproducible image builds
Matt Moore, CTO
July 5, 2023
News
Strengthening CI/CD Environments: Insights from NSA and DHS CISA guidance
Dan Lorenc, CEO
June 30, 2023
Product
Chainguard Image now available for Pulumi
Josh Dolitsky, Staff Software Engineer
June 29, 2023
Product
A guide on how to use Chainguard Images for public catalog tier users
Adrian Mouat, Staff OSS Engineer
June 23, 2023
Engineering
The principle of minimalism
Jed Salazar, Solutions Architect and Matt Moore, CTO
June 22, 2023
News
An enhanced Chainguard Academy learning experience
Lisa Tagliaferri, Senior Director of Developer Education
June 22, 2023
Research
Ship software to Uncle Sam faster with zero-known vulnerability containers
John Speed Meyers, Principal Research Scientist
June 20, 2023
News
Government perspectives on software self-attestation requirements
Chainguard Team
June 15, 2023
News
The importance of toolchain security in NIST's SSDF
Dan Lorenc, CEO
June 12, 2023
Engineering
Designing build date epoch in Chainguard Images
Matt Moore, CTO
June 8, 2023
News
Celebrating 5 years of NTIA’s SBOM work
Dan Lorenc, CEO
June 7, 2023
Come see Chainguard (virtually) at Cloudsmith Unpacked on June 20!
Kim Lewandowski, Chief Product Officer
June 6, 2023
Engineering
Fully bootstrapping Java from source in Wolfi
Ariadne Conill, Principal Software Engineer and Josh Wolf, Software Engineer
June 2, 2023
Research
Introducing "Speranza": Enhancing software signing with privacy and usability
Zachary Newman, Principal Research Scientist
May 30, 2023
Product
Fortify, comply and conquer FedRAMP with Chainguard Images
Dan Lorenc, CEO
May 25, 2023
Engineering
Building Chainguard's container image registry
Jason Hall, Software Engineer
May 23, 2023
Open Source
OSS security: Chainguard May 2023 update
Tracy Miranda, Head of Open Source
May 22, 2023
Product
Policy rollback and auditing with versions in Chainguard Enforce
Colin Douglas, Software Engineer and Katy Howard, Software Engineer
May 19, 2023
Product
Scaling Chainguard Images with a growing catalog and proactive security updates
Kim Lewandowski, Chief Product Officer
May 18, 2023
Product
Enhancing enterprise reliability features for Chainguard Enforce customers
Adam Dawson, Product Manager and Narayan Iyengar, Product Manager
May 11, 2023
Open Source
Meet Chainguard at Open Source Summit North America 2023 [May 10 – 12 in Vancouver]!
Tracy Miranda, Head of Open Source
May 5, 2023
Security
How to explain the CISA software attestation requirements to your board
Dan Lorenc, CEO
May 5, 2023
Research
Enforce against vulnerability sprawl with up-to-date images
John Speed Meyers, Principal Research Scientist
May 3, 2023
Engineering
Move over, Dockerfiles! The new way to craft containers
Jason Hall, Software Engineer and Zachary Newman, Principal Research Scientist
April 27, 2023
News
Chainguard joins DHS S&T new startup cohort to strengthen software supply chain
Dan Lorenc, CEO
April 27, 2023
Open Source
Open source software takes center stage at RSA
Dan Lorenc, CEO
April 24, 2023
News
Chainguard and CNCF conduct SLSA assessments for Argo and Prometheus projects
James Petersen, Solutions Architect
April 19, 2023
Open Source
npm + Sigstore: Making Javascript secure by default
Tracy Miranda, Head of Open Source
April 19, 2023
News
Chainguard Images now available to government agencies on U.S. Air Force Platform One
Dan Lorenc, CEO
April 18, 2023
Open Source
Chainguard open sources new policy catalog for Sigstore policy-controller
Erin Glass, Product Manager and Ville Aikas, Distinguished Engineer
April 18, 2023
Product
Chainguard Image now available for prometheus
Dan Lorenc, CEO
April 14, 2023
News
Join Chainguard at KubeCon EU in Amsterdam April 19-21!
Sarah O'Rourke, Communications Director
April 13, 2023
Product
It all started with a commit: Celebrating 6 years of Distroless
Dan Lorenc, CEO and Matt Moore, CTO
April 12, 2023
Product
Tired of searching through your scan results? Try the Chainguard OpenSearch Image
Dan Lorenc, CEO
April 7, 2023
Product
The role of attestations in a secure software supply chain
Zachary Newman, Principal Research Scientist
April 4, 2023
Open Source
ICYMI: What's new in Chainguard Academy
Lisa Tagliaferri, Director of Developer Education
April 3, 2023
News
GitCommitted with your dream base image
Kirby Koo, Social and Community Relations
April 1, 2023
Engineering
Are Kubernetes Validating Admission Policies the end of admission controllers?
Ville Aikas, Distinguished Engineer and Zachary Newman, Principal Research Scientist
March 31, 2023
Open Source
New Chainguard Academy tutorial: Cosign the manual way
Eddie Zaneski, Staff OSS Engineer
March 30, 2023
Open Source
Sigstore policy-controller 101
Erin Glass, Product Manager and Ville Aikas, Distinguished Engineer
March 29, 2023
Product
Chainguard Image now available for NATS
Dan Lorenc, CEO
March 27, 2023
Open Source
Chainguard contributes Rekor Search project to Sigstore
Priya Wadhwa, Engineering Manager
March 24, 2023
Product
5 capabilities in Chainguard Enforce you don’t want to miss (your security team will LOVE #4)
Adam Dawson, Product Manager
March 23, 2023
Open Source
OSS Security: Chainguard Spring 2023 update
Tracy Miranda, Head of Open Source
March 22, 2023
Product
Chainguard Image now available for Apache Zookeeper
Dan Lorenc, CEO
March 20, 2023
Product
Using Chainguard Enforce to prepare for the Kubernetes registry deprecation
Adam Dawson, Product Manager and Ville Aikas, Distinguished Engineer
March 16, 2023
Research
New SLSA++ Survey reveals real-world developer approaches to software supply chain security
David A. Wheeler, The Linux Foundation; John Speed Meyers, Chainguard; Mikaël Barbero, Eclipse Foundation; and Rebecca Rumbul, Rust Foundation
March 15, 2023
Engineering
What the fuzz? Better coding through randomized testing
Zachary Newman, Principal Research Scientist
March 13, 2023
Security
What the fork? Imposter commits in GitHub Actions and CI/CD
Billy Lynch, Staff Software Engineer
March 8, 2023
Product
Chainguard Image now available for Postgres
Dan Lorenc, CEO
March 6, 2023
News
Charting a secure by default future
Dan Lorenc, CEO
March 2, 2023
Research
Chainguard conducts SLSA software supply chain security audit of open source project Git
Adolfo García Veytia, Staff OSS Engineer and John Speed Meyers, Principal Research Scientist
March 1, 2023
Engineering
apko: a year later
Ariadne Conill, Principal Software Engineer
February 28, 2023
Product
Announcing Chainguard Enforce discovery and expanded runtime support
Adam Dawson, Product Manager and Mark Drake, Technical Writer
February 27, 2023
Product
Hopping into spring with Chainguard’s RabbitMQ Image
Dan Lorenc, CEO
February 24, 2023
Product
SBOMs in a multi-architecture world
Adolfo García Veytia, Staff OSS Engineer and Matt Moore, CTO
February 22, 2023
Engineering
Building towards OCI v1.1 support in cosign
Josh Dolitsky, Software Engineer
February 17, 2023
News
Chainguard named an IDC Innovator for open source software supply chain security
Dan Lorenc, CEO
February 15, 2023
Research
A purl of wisdom on SBOMs and vulnerabilities
John Speed Meyers, Principal Research Scientist
February 14, 2023
Product
Chainguard Image now available for HAProxy
Adrian Mouat, Staff OSS Engineer
February 9, 2023
Engineering
Not all that’s signed is secure: Verify the right way with TUF and Sigstore
Zachary Newman, Principal Research Scientist and Marina Moore (NYU)
February 8, 2023
Product
Chainguard Image now available for Kubectl
Adrian Mouat, Staff OSS Engineer
February 7, 2023
Product
How to sign private artifacts securely with Chainguard's Timestamp Authority
Hector Fernandez, Staff Software Engineer
February 2, 2023
News
Chainguard & BoxBoat, an IBM company, announce strategic partnership to tackle software supply chain security
Kaylin Trychon, VP of Marketing and Communications
February 1, 2023
Open Source
Chainguard to accelerate VEX adoption through OpenVEX specification
Dan Lorenc, CEO
January 31, 2023
Product
Four new ways to protect your supply chain with Chainguard Enforce
Adam Dawson, Product Manager
January 30, 2023
News
Come see us at CloudNativeSecurityCon in Seattle Feb 1-2!
Sarah O'Rourke, Communications Director
January 27, 2023
Research
Make SBOMs, not GuessBOMs: Why we need to shift left on SBOM generation
Tracy Miranda, Head of Open Source
January 26, 2023
News
Building the first memory safe distro
Dan Lorenc, CEO and Ariadne Conill, Principal Software Engineer
January 25, 2023
Product
Go 1.20 is coming, and it brings even more security by default
Adrian Mouat, Staff OSS Engineer
January 24, 2023
Engineering
GitHub Container Registry private repos sometimes… weren’t
Jason Hall, Software Engineer
January 23, 2023
Product
Chainguard Image now available for Python 3.11
Dan Lorenc, CEO
January 20, 2023
Open Source
Understanding the relationship between FOSS and the “software supply chain”
Ariadne Conill, Principal Software Engineer
January 20, 2023
Research
Are SBOMs good enough for government work?
John Speed Meyers, Principal Research Scientist
January 19, 2023
Security
Understanding the promise of VEX
Kaylin Trychon, VP of Marketing and Communications
January 18, 2023
Product
Chainguard Image now available for Bazel
Dan Lorenc, CEO
January 17, 2023
Engineering
Conquer your Build Horizon with Chainguard Enforce in 2023
Matt Moore, CTO
January 13, 2023
Product
Open Policy Agent uses Chainguard Images to safeguard from OpenSSL vulnerabilities
Adrian Mouat, Staff OSS Engineer
January 11, 2023
Engineering
Building Wolfi from the ground up and announcing arm64 support!
Jason Hall, Software Engineer
January 10, 2023
Product
Benefits of keyless software signing
Kaylin Trychon, VP of Marketing and Communications
January 6, 2023
Product
Chainguard Image now available for Redis
Dan Lorenc, CEO
January 4, 2023
Open Source
Highlights from OpenSSF’s 2022 Annual Report
Kaylin Trychon, VP of Marketing and Communications
December 30, 2022
Product
Chainguard Image now available for Ruby 3.2
Dan Lorenc, CEO
December 29, 2022
Engineering
Building images for the secure supply chain
Adrian Mouat, Staff OSS Engineer
December 27, 2022
Research
Are SBOMs any good? Preliminary measurement of the quality of open source project SBOMs
John Speed Meyers, Principal Research Scientist
December 21, 2022
News
Introducing Chainguard Labs: An update on an open, living software supply chain compromises dataset and new SBOM research efforts
John Speed Meyers and Zachary Newman, Principal Research Scientists
December 21, 2022
Product
Getting started with Rego policies in Chainguard Enforce
Adam Dawson, Product Manager
December 20, 2022
News
Our 2023 technology trends & predictions for software security
Chainguard Team
December 15, 2022
Open Source
The archiving of the Gorilla Web Toolkit: A tale of two software security risks
Dan Luhring, Staff Software Engineer and Eddie Zaneski, Staff OSS Engineer
December 13, 2022
Product
ICYMI: Our Chainsmas spaces recap
Chainguard Team
December 9, 2022
Product
Chainguard Enforce announces new software signing capability, enterprise supply chain security updates
Adam Dawson, Product Manager and Priya Wadhwa, Engineering Manager
December 8, 2022
Software supply chain security: Broader than SolarWinds and Log4J
Dan Lorenc, CEO
December 7, 2022
Security
Principles for secure software distribution: Lessons from leaked Android platform signing keys
Zachary Newman, Principal Research Scientist
December 2, 2022
Research
Securing the machine learning supply chain
Zachary Newman, Principal Research Scientist
November 30, 2022
News
Chainguard Enforce is now available on AWS Marketplace
Adam Dawson, Product Manager
November 27, 2022
Engineering
Reflections on trusting VEX (or when humans can improve SBOMs)
Adolfo García Veytia, Staff OSS Engineer
November 23, 2022
Open Source
7 reasons you should plan to adopt Sigstore in 2023
Tracy Miranda, Head of Open Source
November 17, 2022
Research
Software dark matter is the enemy of software transparency
John Speed Meyers, Adolfo Veytia, Dan Luhring, Zack Newman, and Santiago Torres-Arias
November 9, 2022
News
Mitigating OpenSSL vulnerability with Chainguard
Dan Lorenc, CEO
November 1, 2022
News
Sigstore is now generally available
Priya Wadhwa, Engineering Manager
October 25, 2022
News
Chainguard at KubeCon North America: October 24-28!
Chainguard Team
October 20, 2022
Engineering
Is CVE-2022-42889 the next Log4Shell? Not really.
Ariadne Conill, Principal Software Engineer
October 19, 2022
Product
New Apache Commons Text CVE feels like déjà vu all over again
Dan Lorenc, CEO
October 18, 2022
Open Source
Chainguard enthusiastically supports donating ko to CNCF
Jason Hall, Software Engineer
October 18, 2022
Engineering
Breaking down PCI guidance for containers and container orchestration tools
Adam Dawson, Product Manager
October 14, 2022
Research
Hunting malware on package repositories
Ly D. Vu, Zachary Newman, and John Speed Meyers
October 13, 2022
Research
What’s in the CNSA Suite, and who should care?
Zachary Newman, Principal Research Scientist
October 5, 2022
Security
Putting VEX to work
Adolfo García Veytia, Staff OSS Engineer
October 3, 2022
News
What’s software supply chain security got to do with the State of DevOps Report? A Lot.
John Speed Meyers, Principal Research Scientist and Todd Kulesza (Google)
September 28, 2022
Engineering
What's new in SPDX 2.3?
Adolfo García Veytia
September 26, 2022
Product
Introducing Wolfi: The first Linux (un)distro designed for securing the software supply chain
Dan Lorenc, CEO
September 22, 2022
News
Chainguard Enforce is now generally available
Kim Lewandowski, Chief Product Officer
September 22, 2022
News
Learn to build software that is secure by default with Chainguard Academy
Lisa Tagliaferri, Director of Developer Education
September 22, 2022
News
Chainguard at Open Source Summit Europe: September 13-16
Kaylin Trychon, VP of Marketing and Communications
September 12, 2022
News
Top 5 Takeaways on the NSA / CISA / ODNI Developer Guidelines for Securing the Software Supply Chain
Dan Lorenc, CEO
September 9, 2022
Security
Don’t overlook the boardroom benefits of a secure software supply chain
Kim Lewandowski, Chief Product Officer
September 7, 2022
Security
What your scanner doesn't know **Can** hurt you
Dan Lorenc, CEO
September 2, 2022
Security
A Toolbox for a Secure Software Supply Chain
Marina Moore, Summer Intern
August 25, 2022
Research
Taming bad Python packages: Assessing Python malware detectors with a benchmark dataset
John Speed Meyers and Zachary Newman, Principal Research Scientists
August 23, 2022
Product
A deeper look into the continuous verification capability of Chainguard Enforce
Kim Lewandowski, Chief Product Officer
August 22, 2022
News
There's no such thing as vulnerability-free software, it simply doesn't exist… yet
Dan Lorenc
August 18, 2022
Security
Black Hat 2022 Recap: Attacking the Software Supply Chain
James Strong
August 17, 2022
Security
Implementing Secure Software Supply Chain Security Controls: Understanding NIST SSDF & SLSA Frameworks
Jason Lutz, Customer Engineer
August 3, 2022
Security
Sigstore for CISOs
John Speed Meyers, Principal Research Scientist and John Osborne, Principal Sales Engineer
July 28, 2022
Engineering
Secure your software factory with melange and apko
Josh Dolitsky, Staff Software Engineer
July 21, 2022
News
Let's stop insecure software from eating the world
Dan Lorenc, CEO
July 15, 2022
Engineering
Minimal container images: Towards a more secure future
Adrian Mouat, Staff OSS Engineer
July 14, 2022
Research
Do the dependency trees of widely used packages grow?
John Speed Meyers, Zachary Newman, Jacobo McGuire, Marina Moore
July 13, 2022
Open Source
We applaud PyPI steps to make Python more secure
Dan Lorenc, CEO
July 12, 2022
Open Source
Transparently immutable tags using Sigstore's Rekor
Jason Hall, Software Engineer
July 7, 2022
Open Source
Get started with Sigstore (Free Course!)
Chainguard Team
June 22, 2022
Engineering
Keyless Git commit signing with Gitsign and GitHub Actions
Billy Lynch, Staff Software Engineer
June 20, 2022
News
Chainguard KubeCon EU 2022 Wrap Up
June 13, 2022
Security
The security costs of base image version loitering
John Speed Meyers, Ariadne Conill, Adrian Mouat
June 9, 2022
Product
Announcing the First Images Designed for a Secure Software Supply Chain
Dan Lorenc
June 2, 2022
News
Chainguard raises $50M in Series A to make software supply chain secure by default, introduces secure container base images
Chainguard, Inc.
June 2, 2022
Open Source
Where Do I Sign? Step-by-step Sigstore Adoption
Jed Salazar
June 1, 2022
Security
Dealing with multiple SBOMs
Adolfo García Veytia, Staff OSS Engineer
May 27, 2022
Security
The Dirty Secret of Cybersecurity Standards
John Speed Meyers
May 19, 2022
Security
A Crash Course in Software Supply Chain Security
Zachary Newman
May 13, 2022
News
A call to standardize on digital signatures for software security with Sigstore
Chainguard Team
May 12, 2022
Engineering
Image sizes miss the point
Ariadne Conill, Principal Software Engineer
May 12, 2022
News
Join Chainguard @ KubeCon EU: May 16 – 20
Roxanne Joncas
May 5, 2022
Product
Introducing Chainguard Enforce: A pragmatic solution for software supply chain security
Kim Lewandowski, Chief Product Officer
April 26, 2022
Engineering
Not All SBOMs Are Created Equal
Ariadne Conill
April 22, 2022
Open Source
Is Sigstore susceptible to psychic signatures? Sources say: sounds suspect
Zachary Newman, Principal Research Scientist
April 22, 2022
News
Securing Software Repositories with the OpenSSF
Zachary Newman
April 20, 2022
Engineering
The principle of ephemerality
Matt Moore, CTO and Ville Aikas, Distinguished Engineer
April 12, 2022
News
Content Marketing at Chainguard (and our Top 5 Posts!)
Tracy Miranda
April 7, 2022
Engineering
Intro to OCI Reference Types
Josh Dolitsky
April 5, 2022
News
YOLO Levels: Insecure Your Software Supply Chain!
Dan Lorenc
April 1, 2022
Engineering
Zero security debt for container images is possible
Roxanne Joncas
March 29, 2022
Open Source
4 Key Sigstore Takeaways: Recap of Twitter Space with Kelsey Hightower
Lisa Tagliaferri
March 23, 2022
Security
How Sigstore Can Help You and Your Team Follow the NIST SSDF Recommendations
Lisa Tagliaferri
March 16, 2022
Security
SLSA vs. Software Supply Chain Attacks
John Speed Meyers
March 15, 2022
Security
Building trust in our software supply chains with SLSA
Kim Lewandowski
March 10, 2022
Security
Avoid hidden security debt with these container maintenance best practices
Ariadne Conill
March 6, 2022
Security
I Read NIST 800-218 So You Don’t Have To: Here’s What To Watch Out For
Dan Lorenc, CEO
March 3, 2022
Open Source
Knative is now a CNCF project, and why this matters for software security
Tracy Miranda, Head of Open Source
March 2, 2022
News
Why Chainguard joined the Open Source Security Foundation
Roxanne Joncas
March 1, 2022
Engineering
Introducing apko: bringing distroless nirvana to Alpine Linux
Ariadne Conill, Principal Software Engineer
February 28, 2022
Security
Goodbye SDLC, Hello SSDF! What is the Secure Software Development Framework?
Tracy Miranda
February 24, 2022
Engineering
Automatic SBOMs with ko
Matt Moore, CTO
February 17, 2022
Open Source
sigstore, the local way
Thomas Strömberg, Director of Security
February 16, 2022
Engineering
Keyless signing with Tekton on Amazon EKS
Priya Wadhwa, Engineering Manager
February 10, 2022
Engineering
Keyless signing with Tekton on AKS
Nghia Tran, Engineering Manager
February 8, 2022
Engineering
How to make package signing useful
John Speed Meyers, Principal Research Scientist
February 7, 2022
Engineering
How to verify cosigned container images In Amazon ECS
James Strong, Solutions Architect
February 3, 2022
Open Source
How Citi is building the secure software factory with Sigstore and Tekton
Tracy Miranda, Head of Open Source
February 2, 2022
Open Source
Chainguard's Josh Dolitsky elected to OCI's Technical Oversight Board
Tracy Miranda, Head of Open Source
January 24, 2022
News
WTF is Chainguard?
Tracy Miranda
January 21, 2022
Security
What an SBOM can do for you
Adolfo García Veytia, Staff OSS Engineer
January 13, 2022
Engineering
Cosign image signing In AWS CodePipeline
James Strong, Solutions Architect
January 7, 2022
Open Source
Kubernetes Meets SLSA
Dan Lorenc
December 17, 2021
News
Announcing our Seed Round, and Chainguard Services!
Dan Lorenc
December 8, 2021
Engineering
Zero-friction “keyless signing” with Github Actions
Matt Moore, CTO
December 1, 2021
Open Source
Busting 5 Sigstore Myths
Kim Lewandowski, Dan Lorenc
November 19, 2021
Open Source
A deep dive on Sigstore's Fulcio
Dan Lorenc, CEO
November 12, 2021
Engineering
Zero-friction “keyless signing” with Kubernetes
Matt Moore
November 3, 2021
Engineering
Cosigned up and running on EKS
Dan Lorenc, CEO and Scott Nichols, Co-Founder
October 27, 2021
Open Source
Thank you KubeCon NA 2021!
Chainguard Team
October 20, 2021
News
Introducing: Chainguard, Inc.
Dan Lorenc
October 7, 2021