Products
Chainguard Images
Reduce your attack surface with minimal, distroless images.
Chainguard Enforce
Manage, monitor and enforce end-to-end policies.
Chainguard Services
Infrastructure, configuration, and compliance assessment.
Developer
Resources
Company
Contact
Back
Docs
Open source
Back
Unchained blog
Customer stories
Education
Back
About
Careers
Back
About
Newsroom
Careers
UNCHAINED

A curated collection of writings, research, and solutions

Read the latest software supply chain and open source security updates from our experts.

Engineering
Building Chainguard's container image registry

We built a passwordless container image registry with a focus on security to sustain the foundation for ongoing product growth & feature additions for our users.

Jason Hall, Software Engineer
May 23, 2023
Product
Scaling Chainguard Images with a growing catalog and proactive security updates

Chainguard Images boosts support for enterprise development teams with expanded catalog offerings, a dedicated registry, and proactive security notifications.

Kim Lewandowski, Chief Product Officer
May 18, 2023
Categories
Engineering
Designing build date epoch in Chainguard Images
Matt Moore, CTO
June 8, 2023
Designing build date epoch in Chainguard Images
Engineering
News
Celebrating 5 years of NTIA’s SBOM work
Dan Lorenc, CEO
June 7, 2023
Celebrating 5 years of NTIA’s SBOM work
News
Come see Chainguard (virtually) at Cloudsmith Unpacked on June 20!
Kim Lewandowski, Chief Product Officer
June 6, 2023
Come see Chainguard (virtually) at Cloudsmith Unpacked on June 20!
Engineering
Fully bootstrapping Java from source in Wolfi
Ariadne Conill, Principal Software Engineer and Josh Wolf, Software Engineer
June 2, 2023
Fully bootstrapping Java from source in Wolfi
Engineering
Research
Introducing "Speranza": Enhancing software signing with privacy and usability
Zachary Newman, Principal Research Scientist
May 30, 2023
Introducing "Speranza": Enhancing software signing with privacy and usability
Research
Product
Fortify, comply and conquer FedRAMP with Chainguard Images
Dan Lorenc, CEO
May 25, 2023
Fortify, comply and conquer FedRAMP with Chainguard Images
Product
Engineering
Building Chainguard's container image registry
Jason Hall, Software Engineer
May 23, 2023
Building Chainguard's container image registry
Engineering
Open Source
OSS security: Chainguard May 2023 update
Tracy Miranda, Head of Open Source
May 22, 2023
OSS security: Chainguard May 2023 update
Open Source
Product
Policy rollback and auditing with versions in Chainguard Enforce
Colin Douglas, Software Engineer and Katy Howard, Software Engineer
May 19, 2023
Policy rollback and auditing with versions in Chainguard Enforce
Product
Product
Scaling Chainguard Images with a growing catalog and proactive security updates
Kim Lewandowski, Chief Product Officer
May 18, 2023
Scaling Chainguard Images with a growing catalog and proactive security updates
Product
Product
Enhancing enterprise reliability features for Chainguard Enforce customers
Adam Dawson, Product Manager and Narayan Iyengar, Product Manager
May 11, 2023
Enhancing enterprise reliability features for Chainguard Enforce customers
Product
Security
How to explain the CISA software attestation requirements to your board
Dan Lorenc, CEO
May 5, 2023
How to explain the CISA software attestation requirements to your board
Security
Open Source
Meet Chainguard at Open Source Summit North America 2023 [May 10 – 12 in Vancouver]!
Tracy Miranda, Head of Open Source
May 5, 2023
Meet Chainguard at Open Source Summit North America 2023 [May 10 – 12 in Vancouver]!
Open Source
Research
Enforce against vulnerability sprawl with up-to-date images
John Speed Meyers, Principal Research Scientist
May 3, 2023
Enforce against vulnerability sprawl with up-to-date images
Research
News
Chainguard joins DHS S&T new startup cohort to strengthen software supply chain
Dan Lorenc, CEO
April 27, 2023
Chainguard joins DHS S&T new startup cohort to strengthen software supply chain
News
Engineering
Move over, Dockerfiles! The new way to craft containers
Jason Hall, Software Engineer and Zachary Newman, Principal Research Scientist
April 27, 2023
Move over, Dockerfiles! The new way to craft containers
Engineering
Open Source
Open source software takes center stage at RSA
Dan Lorenc, CEO
April 24, 2023
Open source software takes center stage at RSA
Open Source
Open Source
npm + Sigstore: Making Javascript secure by default
Tracy Miranda, Head of Open Source
April 19, 2023
npm + Sigstore: Making Javascript secure by default
Open Source
News
Chainguard and CNCF conduct SLSA assessments for Argo and Prometheus projects
James Petersen, Solutions Architect
April 19, 2023
Chainguard and CNCF conduct SLSA assessments for Argo and Prometheus projects
News
Open Source
Chainguard open sources new policy catalog for Sigstore policy-controller
Erin Glass, Product Manager and Ville Aikas, Distinguished Engineer
April 18, 2023
Chainguard open sources new policy catalog for Sigstore policy-controller
Open Source
News
Chainguard Images now available to government agencies on U.S. Air Force Platform One
Dan Lorenc, CEO
April 17, 2023
Chainguard Images now available to government agencies on U.S. Air Force Platform One
News
Product
Chainguard Image now available for prometheus
Dan Lorenc, CEO
April 14, 2023
Chainguard Image now available for prometheus
Product
News
Join Chainguard at KubeCon EU in Amsterdam April 19-21!
Sarah O'Rourke, Communications Director
April 13, 2023
Join Chainguard at KubeCon EU in Amsterdam April 19-21!
News
Product
It all started with a commit: Celebrating 6 years of Distroless
Dan Lorenc, CEO and Matt Moore, CTO
April 12, 2023
It all started with a commit: Celebrating 6 years of Distroless
Product
Product
Tired of searching through your scan results? Try the Chainguard OpenSearch Image
Dan Lorenc, CEO
April 7, 2023
Tired of searching through your scan results? Try the Chainguard OpenSearch Image
Product
Product
The role of attestations in a secure software supply chain
Zachary Newman, Principal Research Scientist
April 4, 2023
The role of attestations in a secure software supply chain
Product
Open Source
ICYMI: What's new in Chainguard Academy
Lisa Tagliaferri, Director of Developer Education
April 3, 2023
ICYMI: What's new in Chainguard Academy
Open Source
News
GitCommitted with your dream base image
Kirby Koo, Social and Community Relations
April 1, 2023
GitCommitted with your dream base image
News
Engineering
Are Kubernetes Validating Admission Policies the end of admission controllers?
Ville Aikas, Distinguished Engineer and Zachary Newman, Principal Research Scientist
March 31, 2023
Are Kubernetes Validating Admission Policies the end of admission controllers?
Engineering
Open Source
New Chainguard Academy tutorial: Cosign the manual way
Eddie Zaneski, Staff OSS Engineer
March 30, 2023
New Chainguard Academy tutorial: Cosign the manual way
Open Source
Open Source
Sigstore policy-controller 101
Erin Glass, Product Manager and Ville Aikas, Distinguished Engineer
March 29, 2023
Sigstore policy-controller 101
Open Source
Product
Chainguard Image now available for NATS
Dan Lorenc, CEO
March 27, 2023
Chainguard Image now available for NATS
Product
Open Source
Chainguard contributes Rekor Search project to Sigstore
Priya Wadhwa, Engineering Manager
March 23, 2023
Chainguard contributes Rekor Search project to Sigstore
Open Source
Product
5 capabilities in Chainguard Enforce you don’t want to miss (your security team will LOVE #4)
Adam Dawson, Product Manager
March 23, 2023
5 capabilities in Chainguard Enforce you don’t want to miss (your security team will LOVE #4)
Product
Open Source
OSS Security: Chainguard Spring 2023 update
Tracy Miranda, Head of Open Source
March 22, 2023
OSS Security: Chainguard Spring 2023 update
Open Source
Product
Chainguard Image now available for Apache Zookeeper
Dan Lorenc, CEO
March 20, 2023
Chainguard Image now available for Apache Zookeeper
Product
Product
Using Chainguard Enforce to prepare for the Kubernetes registry deprecation
Adam Dawson, Product Manager and Ville Aikas, Distinguished Engineer
March 16, 2023
Using Chainguard Enforce to prepare for the Kubernetes registry deprecation
Product
Research
New SLSA++ Survey reveals real-world developer approaches to software supply chain security
David A. Wheeler, The Linux Foundation; John Speed Meyers, Chainguard; Mikaël Barbero, Eclipse Foundation; and Rebecca Rumbul, Rust Foundation
March 13, 2023
New SLSA++ Survey reveals real-world developer approaches to software supply chain security
Research
Engineering
What the fuzz? Better coding through randomized testing
Zachary Newman, Principal Research Scientist
March 13, 2023
What the fuzz? Better coding through randomized testing
Engineering
Security
What the fork? Imposter commits in GitHub Actions and CI/CD
Billy Lynch, Staff Software Engineer
March 8, 2023
What the fork? Imposter commits in GitHub Actions and CI/CD
Security
Product
Chainguard Image now available for Postgres
Dan Lorenc, CEO
March 6, 2023
Chainguard Image now available for Postgres
Product
News
Charting a secure by default future
Dan Lorenc, CEO
March 2, 2023
Charting a secure by default future
News
Engineering
apko: a year later
Ariadne Conill, Principal Software Engineer
February 28, 2023
apko: a year later
Engineering
Research
Chainguard conducts SLSA software supply chain security audit of open source project Git
Adolfo García Veytia, Staff OSS Engineer and John Speed Meyers, Principal Research Scientist
February 27, 2023
Chainguard conducts SLSA software supply chain security audit of open source project Git
Research
Product
Announcing Chainguard Enforce discovery and expanded runtime support
Adam Dawson, Product Manager and Mark Drake, Technical Writer
February 27, 2023
Announcing Chainguard Enforce discovery and expanded runtime support
Product
Product
Hopping into spring with Chainguard’s RabbitMQ Image
Dan Lorenc, CEO
February 24, 2023
Hopping into spring with Chainguard’s RabbitMQ Image
Product
Product
SBOMs in a multi-architecture world
Adolfo García Veytia, Staff OSS Engineer and Matt Moore, CTO
February 22, 2023
SBOMs in a multi-architecture world
Product
Engineering
Building towards OCI v1.1 support in cosign
Josh Dolitsky, Software Engineer
February 17, 2023
Building towards OCI v1.1 support in cosign
Engineering
News
Chainguard named an IDC Innovator for open source software supply chain security
Dan Lorenc, CEO
February 15, 2023
Chainguard named an IDC Innovator for open source software supply chain security
News
Research
A purl of wisdom on SBOMs and vulnerabilities
John Speed Meyers, Principal Research Scientist
February 14, 2023
A purl of wisdom on SBOMs and vulnerabilities
Research
Product
Chainguard Image now available for HAProxy
Adrian Mouat, Staff OSS Engineer
February 9, 2023
Chainguard Image now available for HAProxy
Product
Engineering
Not all that’s signed is secure: Verify the right way with TUF and Sigstore
Zachary Newman, Principal Research Scientist and Marina Moore (NYU)
February 8, 2023
Not all that’s signed is secure: Verify the right way with TUF and Sigstore
Engineering
Product
Chainguard Image now available for Kubectl
Adrian Mouat, Staff OSS Engineer
February 7, 2023
Chainguard Image now available for Kubectl
Product
Product
How to sign private artifacts securely with Chainguard's Timestamp Authority
Hector Fernandez, Staff Software Engineer
February 2, 2023
How to sign private artifacts securely with Chainguard's Timestamp Authority
Product
News
Chainguard & BoxBoat, an IBM company, announce strategic partnership to tackle software supply chain security
Kaylin Trychon, VP of Marketing and Communications
January 30, 2023
Chainguard & BoxBoat, an IBM company, announce strategic partnership to tackle software supply chain security
News
Open Source
Chainguard to accelerate VEX adoption through OpenVEX specification
Dan Lorenc, CEO
January 30, 2023
Chainguard to accelerate VEX adoption through OpenVEX specification
Open Source
Product
Four new ways to protect your supply chain with Chainguard Enforce
Adam Dawson, Product Manager
January 30, 2023
Four new ways to protect your supply chain with Chainguard Enforce
Product
News
Come see us at CloudNativeSecurityCon in Seattle Feb 1-2!
Sarah O'Rourke, Communications Director
January 27, 2023
Come see us at CloudNativeSecurityCon in Seattle Feb 1-2!
News
Research
Make SBOMs, not GuessBOMs: Why we need to shift left on SBOM generation
Tracy Miranda, Head of Open Source
January 25, 2023
Make SBOMs, not GuessBOMs: Why we need to shift left on SBOM generation
Research
Product
Go 1.20 is coming, and it brings even more security by default
Adrian Mouat, Staff OSS Engineer
January 23, 2023
Go 1.20 is coming, and it brings even more security by default
Product
Engineering
GitHub Container Registry private repos sometimes… weren’t
Jason Hall, Software Engineer
January 23, 2023
GitHub Container Registry private repos sometimes… weren’t
Engineering
News
Building the first memory safe distro
Dan Lorenc, CEO and Ariadne Conill, Principal Software Engineer
January 23, 2023
Building the first memory safe distro
News
Open Source
Understanding the relationship between FOSS and the “software supply chain”
Ariadne Conill, Principal Software Engineer
January 20, 2023
Understanding the relationship between FOSS and the “software supply chain”
Open Source
Product
Chainguard Image now available for Python 3.11
Dan Lorenc, CEO
January 19, 2023
Chainguard Image now available for Python 3.11
Product
Research
Are SBOMs good enough for government work?
John Speed Meyers, Principal Research Scientist
January 18, 2023
Are SBOMs good enough for government work?
Research
Security
Understanding the promise of VEX
Kaylin Trychon, VP of Marketing and Communications
January 18, 2023
Understanding the promise of VEX
Security
Product
Chainguard Image now available for Bazel
Dan Lorenc, CEO
January 17, 2023
Chainguard Image now available for Bazel
Product
Engineering
Conquer your Build Horizon with Chainguard Enforce in 2023
Matt Moore, CTO
January 13, 2023
Conquer your Build Horizon with Chainguard Enforce in 2023
Engineering
Product
Open Policy Agent uses Chainguard Images to safeguard from OpenSSL vulnerabilities
Adrian Mouat, Staff OSS Engineer
January 11, 2023
Open Policy Agent uses Chainguard Images to safeguard from OpenSSL vulnerabilities
Product
Engineering
Building Wolfi from the ground up and announcing arm64 support!
Jason Hall, Software Engineer
January 10, 2023
Building Wolfi from the ground up and announcing arm64 support!
Engineering
Product
Benefits of keyless software signing
Kaylin Trychon, VP of Marketing and Communications
January 6, 2023
Benefits of keyless software signing
Product
Product
Chainguard Image now available for Redis
Dan Lorenc, CEO
January 4, 2023
Chainguard Image now available for Redis
Product
Open Source
Highlights from OpenSSF’s 2022 Annual Report
Kaylin Trychon, VP of Marketing and Communications
December 30, 2022
Highlights from OpenSSF’s 2022 Annual Report
Open Source
Product
Chainguard Image now available for Ruby 3.2
Dan Lorenc, CEO
December 29, 2022
Chainguard Image now available for Ruby 3.2
Product
Engineering
Building images for the secure supply chain
Adrian Mouat, Staff OSS Engineer
December 27, 2022
Building images for the secure supply chain
Engineering
News
Introducing Chainguard Labs: An update on an open, living software supply chain compromises dataset and new SBOM research efforts
John Speed Meyers and Zachary Newman, Principal Research Scientists
December 20, 2022
Introducing Chainguard Labs: An update on an open, living software supply chain compromises dataset and new SBOM research efforts
News
Research
Are SBOMs any good? Preliminary measurement of the quality of open source project SBOMs
John Speed Meyers, Principal Research Scientist
December 20, 2022
Are SBOMs any good? Preliminary measurement of the quality of open source project SBOMs
Research
Product
Getting started with Rego policies in Chainguard Enforce
Adam Dawson, Product Manager
December 20, 2022
Getting started with Rego policies in Chainguard Enforce
Product
News
Our 2023 technology trends & predictions for software security
Chainguard Team
December 15, 2022
Our 2023 technology trends & predictions for software security
News
Open Source
The archiving of the Gorilla Web Toolkit: A tale of two software security risks
Dan Luhring, Staff Software Engineer and Eddie Zaneski, Staff OSS Engineer
December 13, 2022
The archiving of the Gorilla Web Toolkit: A tale of two software security risks
Open Source
Product
ICYMI: Our Chainsmas spaces recap
Chainguard Team
December 9, 2022
ICYMI: Our Chainsmas spaces recap
Product
Product
Chainguard Enforce announces new software signing capability, enterprise supply chain security updates
Adam Dawson, Product Manager and Priya Wadhwa, Engineering Manager
December 7, 2022
Chainguard Enforce announces new software signing capability, enterprise supply chain security updates
Product
Software supply chain security: Broader than SolarWinds and Log4J
Dan Lorenc, CEO
December 7, 2022
Software supply chain security: Broader than SolarWinds and Log4J
Security
Principles for secure software distribution: Lessons from leaked Android platform signing keys
Zackary Newman, Principal Research Scientist
December 2, 2022
Principles for secure software distribution: Lessons from leaked Android platform signing keys
Security
Research
Securing the machine learning supply chain
Zackary Newman, Principal Research Scientist
November 30, 2022
Securing the machine learning supply chain
Research
News
Chainguard Enforce is now available on AWS Marketplace
Adam Dawson, Product Manager
November 27, 2022
Chainguard Enforce is now available on AWS Marketplace
News
Engineering
Reflections on trusting VEX (or when humans can improve SBOMs)
Adolfo García Veytia, Staff OSS Engineer
November 23, 2022
Reflections on trusting VEX (or when humans can improve SBOMs)
Engineering
Open Source
7 reasons you should plan to adopt Sigstore in 2023
Tracy Miranda, Head of Open Source
November 17, 2022
7 reasons you should plan to adopt Sigstore in 2023
Open Source
Research
Software dark matter is the enemy of software transparency
John Speed Meyers, Adolfo Veytia, Dan Luhring, Zack Newman, and Santiago Torres-Arias
November 9, 2022
Software dark matter is the enemy of software transparency
Research
News
Mitigating OpenSSL vulnerability with Chainguard
Dan Lorenc, CEO
November 1, 2022
Mitigating OpenSSL vulnerability with Chainguard
News
Open Source
Life of a Sigstore signature
Zachary Newman, Principal Research Scientist and Jed Salazar, Solutions Architect
October 25, 2022
Life of a Sigstore signature
Open Source
News
Chainguard at KubeCon North America: October 24-28!
Chainguard Team
October 20, 2022
Chainguard at KubeCon North America: October 24-28!
News
Engineering
Is CVE-2022-42889 the next Log4Shell? Not really.
Ariadne Conill, Principal Software Engineer
October 20, 2022
Is CVE-2022-42889 the next Log4Shell? Not really.
Engineering
Product
New Apache Commons Text CVE feels like déjà vu all over again
Dan Lorenc, CEO
October 19, 2022
New Apache Commons Text CVE feels like déjà vu all over again
Product
Open Source
Chainguard enthusiastically supports donating ko to CNCF
Jason Hall, Software Engineer
October 18, 2022
Chainguard enthusiastically supports donating ko to CNCF
Open Source
News
Sigstore is now generally available
Priya Wadhwa, Engineering Manager
October 18, 2022
Sigstore is now generally available
News
Engineering
Breaking down PCI guidance for containers and container orchestration tools
Adam Dawson, Product Manager
October 14, 2022
Breaking down PCI guidance for containers and container orchestration tools
Engineering
Research
Hunting malware on package repositories
Ly D. Vu, Zachary Newman, and John Speed Meyers
October 13, 2022
Hunting malware on package repositories
Research
Research
What’s in the CNSA Suite, and who should care?
Zachary Newman, Principal Research Scientist
October 5, 2022
What’s in the CNSA Suite, and who should care?
Research
Security
Putting VEX to work
Adolfo García Veytia, Staff OSS Engineer
October 3, 2022
Putting VEX to work
Security
Products

Chainguard Images

Chainguard Enforce

Chainguard Services

Developer

Open source

Docs

Resources

Unchained blog

Customer stories

Security

Education

Company

About

Careers

Legal

Contact

Follow

Twitter

GitHub

LinkedIn

TikTok

© 2023 Chainguard, Inc.

Contact