UNCHAINED

A curated collection of writings, research, and solutions

Read the latest software supply chain and open source security updates from our experts.

Engineering
Designing build date epoch in Chainguard Images
Matt Moore, CTO
June 8, 2023
News
Celebrating 5 years of NTIA’s SBOM work
Dan Lorenc, CEO
June 7, 2023
Come see Chainguard (virtually) at Cloudsmith Unpacked on June 20!
Kim Lewandowski, Chief Product Officer
June 6, 2023
Engineering
Fully bootstrapping Java from source in Wolfi
Ariadne Conill, Principal Software Engineer and Josh Wolf, Software Engineer
June 2, 2023
Research
Introducing "Speranza": Enhancing software signing with privacy and usability
Zachary Newman, Principal Research Scientist
May 30, 2023
Product
Fortify, comply and conquer FedRAMP with Chainguard Images
Dan Lorenc, CEO
May 25, 2023
Engineering
Building Chainguard's container image registry
Jason Hall, Software Engineer
May 23, 2023
Open Source
OSS security: Chainguard May 2023 update
Tracy Miranda, Head of Open Source
May 22, 2023
Product
Policy rollback and auditing with versions in Chainguard Enforce
Colin Douglas, Software Engineer and Katy Howard, Software Engineer
May 19, 2023
Product
Scaling Chainguard Images with a growing catalog and proactive security updates
Kim Lewandowski, Chief Product Officer
May 18, 2023
Product
Enhancing enterprise reliability features for Chainguard Enforce customers
Adam Dawson, Product Manager and Narayan Iyengar, Product Manager
May 11, 2023
Security
How to explain the CISA software attestation requirements to your board
Dan Lorenc, CEO
May 5, 2023
Open Source
Meet Chainguard at Open Source Summit North America 2023 [May 10 – 12 in Vancouver]!
Tracy Miranda, Head of Open Source
May 5, 2023
Research
Enforce against vulnerability sprawl with up-to-date images
John Speed Meyers, Principal Research Scientist
May 3, 2023
News
Chainguard joins DHS S&T new startup cohort to strengthen software supply chain
Dan Lorenc, CEO
April 27, 2023
Engineering
Move over, Dockerfiles! The new way to craft containers
Jason Hall, Software Engineer and Zachary Newman, Principal Research Scientist
April 27, 2023
Open Source
Open source software takes center stage at RSA
Dan Lorenc, CEO
April 24, 2023
Open Source
npm + Sigstore: Making Javascript secure by default
Tracy Miranda, Head of Open Source
April 19, 2023
News
Chainguard and CNCF conduct SLSA assessments for Argo and Prometheus projects
James Petersen, Solutions Architect
April 19, 2023
Open Source
Chainguard open sources new policy catalog for Sigstore policy-controller
Erin Glass, Product Manager and Ville Aikas, Distinguished Engineer
April 18, 2023
News
Chainguard Images now available to government agencies on U.S. Air Force Platform One
Dan Lorenc, CEO
April 17, 2023
Product
Chainguard Image now available for prometheus
Dan Lorenc, CEO
April 14, 2023
News
Join Chainguard at KubeCon EU in Amsterdam April 19-21!
Sarah O'Rourke, Communications Director
April 13, 2023
Product
It all started with a commit: Celebrating 6 years of Distroless
Dan Lorenc, CEO and Matt Moore, CTO
April 12, 2023
Product
Tired of searching through your scan results? Try the Chainguard OpenSearch Image
Dan Lorenc, CEO
April 7, 2023
Product
The role of attestations in a secure software supply chain
Zachary Newman, Principal Research Scientist
April 4, 2023
Open Source
ICYMI: What's new in Chainguard Academy
Lisa Tagliaferri, Director of Developer Education
April 3, 2023
News
GitCommitted with your dream base image
Kirby Koo, Social and Community Relations
April 1, 2023
Engineering
Are Kubernetes Validating Admission Policies the end of admission controllers?
Ville Aikas, Distinguished Engineer and Zachary Newman, Principal Research Scientist
March 31, 2023
Open Source
New Chainguard Academy tutorial: Cosign the manual way
Eddie Zaneski, Staff OSS Engineer
March 30, 2023
Open Source
Sigstore policy-controller 101
Erin Glass, Product Manager and Ville Aikas, Distinguished Engineer
March 29, 2023
Product
Chainguard Image now available for NATS
Dan Lorenc, CEO
March 27, 2023
Open Source
Chainguard contributes Rekor Search project to Sigstore
Priya Wadhwa, Engineering Manager
March 23, 2023
Product
5 capabilities in Chainguard Enforce you don’t want to miss (your security team will LOVE #4)
Adam Dawson, Product Manager
March 23, 2023
Open Source
OSS Security: Chainguard Spring 2023 update
Tracy Miranda, Head of Open Source
March 22, 2023
Product
Chainguard Image now available for Apache Zookeeper
Dan Lorenc, CEO
March 20, 2023
Product
Using Chainguard Enforce to prepare for the Kubernetes registry deprecation
Adam Dawson, Product Manager and Ville Aikas, Distinguished Engineer
March 16, 2023
Research
New SLSA++ Survey reveals real-world developer approaches to software supply chain security
David A. Wheeler, The Linux Foundation; John Speed Meyers, Chainguard; Mikaël Barbero, Eclipse Foundation; and Rebecca Rumbul, Rust Foundation
March 13, 2023
Engineering
What the fuzz? Better coding through randomized testing
Zachary Newman, Principal Research Scientist
March 13, 2023
Security
What the fork? Imposter commits in GitHub Actions and CI/CD
Billy Lynch, Staff Software Engineer
March 8, 2023
Product
Chainguard Image now available for Postgres
Dan Lorenc, CEO
March 6, 2023
News
Charting a secure by default future
Dan Lorenc, CEO
March 2, 2023
Engineering
apko: a year later
Ariadne Conill, Principal Software Engineer
February 28, 2023
Research
Chainguard conducts SLSA software supply chain security audit of open source project Git
Adolfo García Veytia, Staff OSS Engineer and John Speed Meyers, Principal Research Scientist
February 27, 2023
Product
Announcing Chainguard Enforce discovery and expanded runtime support
Adam Dawson, Product Manager and Mark Drake, Technical Writer
February 27, 2023
Product
Hopping into spring with Chainguard’s RabbitMQ Image
Dan Lorenc, CEO
February 24, 2023
Product
SBOMs in a multi-architecture world
Adolfo García Veytia, Staff OSS Engineer and Matt Moore, CTO
February 22, 2023
Engineering
Building towards OCI v1.1 support in cosign
Josh Dolitsky, Software Engineer
February 17, 2023
News
Chainguard named an IDC Innovator for open source software supply chain security
Dan Lorenc, CEO
February 15, 2023
Research
A purl of wisdom on SBOMs and vulnerabilities
John Speed Meyers, Principal Research Scientist
February 14, 2023
Product
Chainguard Image now available for HAProxy
Adrian Mouat, Staff OSS Engineer
February 9, 2023
Engineering
Not all that’s signed is secure: Verify the right way with TUF and Sigstore
Zachary Newman, Principal Research Scientist and Marina Moore (NYU)
February 8, 2023
Product
Chainguard Image now available for Kubectl
Adrian Mouat, Staff OSS Engineer
February 7, 2023
Product
How to sign private artifacts securely with Chainguard's Timestamp Authority
Hector Fernandez, Staff Software Engineer
February 2, 2023
News
Chainguard & BoxBoat, an IBM company, announce strategic partnership to tackle software supply chain security
Kaylin Trychon, VP of Marketing and Communications
January 30, 2023
Open Source
Chainguard to accelerate VEX adoption through OpenVEX specification
Dan Lorenc, CEO
January 30, 2023
Product
Four new ways to protect your supply chain with Chainguard Enforce
Adam Dawson, Product Manager
January 30, 2023
News
Come see us at CloudNativeSecurityCon in Seattle Feb 1-2!
Sarah O'Rourke, Communications Director
January 27, 2023
Research
Make SBOMs, not GuessBOMs: Why we need to shift left on SBOM generation
Tracy Miranda, Head of Open Source
January 25, 2023
Product
Go 1.20 is coming, and it brings even more security by default
Adrian Mouat, Staff OSS Engineer
January 23, 2023
Engineering
GitHub Container Registry private repos sometimes… weren’t
Jason Hall, Software Engineer
January 23, 2023
News
Building the first memory safe distro
Dan Lorenc, CEO and Ariadne Conill, Principal Software Engineer
January 23, 2023
Open Source
Understanding the relationship between FOSS and the “software supply chain”
Ariadne Conill, Principal Software Engineer
January 20, 2023
Product
Chainguard Image now available for Python 3.11
Dan Lorenc, CEO
January 19, 2023
Research
Are SBOMs good enough for government work?
John Speed Meyers, Principal Research Scientist
January 18, 2023
Security
Understanding the promise of VEX
Kaylin Trychon, VP of Marketing and Communications
January 18, 2023
Product
Chainguard Image now available for Bazel
Dan Lorenc, CEO
January 17, 2023
Engineering
Conquer your Build Horizon with Chainguard Enforce in 2023
Matt Moore, CTO
January 13, 2023
Product
Open Policy Agent uses Chainguard Images to safeguard from OpenSSL vulnerabilities
Adrian Mouat, Staff OSS Engineer
January 11, 2023
Engineering
Building Wolfi from the ground up and announcing arm64 support!
Jason Hall, Software Engineer
January 10, 2023
Product
Benefits of keyless software signing
Kaylin Trychon, VP of Marketing and Communications
January 6, 2023
Product
Chainguard Image now available for Redis
Dan Lorenc, CEO
January 4, 2023
Open Source
Highlights from OpenSSF’s 2022 Annual Report
Kaylin Trychon, VP of Marketing and Communications
December 30, 2022
Product
Chainguard Image now available for Ruby 3.2
Dan Lorenc, CEO
December 29, 2022
Engineering
Building images for the secure supply chain
Adrian Mouat, Staff OSS Engineer
December 27, 2022
News
Introducing Chainguard Labs: An update on an open, living software supply chain compromises dataset and new SBOM research efforts
John Speed Meyers and Zachary Newman, Principal Research Scientists
December 20, 2022
Research
Are SBOMs any good? Preliminary measurement of the quality of open source project SBOMs
John Speed Meyers, Principal Research Scientist
December 20, 2022
Product
Getting started with Rego policies in Chainguard Enforce
Adam Dawson, Product Manager
December 20, 2022
News
Our 2023 technology trends & predictions for software security
Chainguard Team
December 15, 2022
Open Source
The archiving of the Gorilla Web Toolkit: A tale of two software security risks
Dan Luhring, Staff Software Engineer and Eddie Zaneski, Staff OSS Engineer
December 13, 2022
Product
ICYMI: Our Chainsmas spaces recap
Chainguard Team
December 9, 2022
Product
Chainguard Enforce announces new software signing capability, enterprise supply chain security updates
Adam Dawson, Product Manager and Priya Wadhwa, Engineering Manager
December 7, 2022
Software supply chain security: Broader than SolarWinds and Log4J
Dan Lorenc, CEO
December 7, 2022
Security
Principles for secure software distribution: Lessons from leaked Android platform signing keys
Zachary Newman, Principal Research Scientist
December 2, 2022
Research
Securing the machine learning supply chain
Zachary Newman, Principal Research Scientist
November 30, 2022
News
Chainguard Enforce is now available on AWS Marketplace
Adam Dawson, Product Manager
November 27, 2022
Engineering
Reflections on trusting VEX (or when humans can improve SBOMs)
Adolfo García Veytia, Staff OSS Engineer
November 23, 2022
Open Source
7 reasons you should plan to adopt Sigstore in 2023
Tracy Miranda, Head of Open Source
November 17, 2022
Research
Software dark matter is the enemy of software transparency
John Speed Meyers, Adolfo Veytia, Dan Luhring, Zack Newman, and Santiago Torres-Arias
November 9, 2022
News
Mitigating OpenSSL vulnerability with Chainguard
Dan Lorenc, CEO
November 1, 2022
Open Source
Life of a Sigstore signature
Zachary Newman, Principal Research Scientist and Jed Salazar, Solutions Architect
October 25, 2022
News
Chainguard at KubeCon North America: October 24-28!
Chainguard Team
October 20, 2022
Engineering
Is CVE-2022-42889 the next Log4Shell? Not really.
Ariadne Conill, Principal Software Engineer
October 20, 2022
Product
New Apache Commons Text CVE feels like déjà vu all over again
Dan Lorenc, CEO
October 19, 2022
Open Source
Chainguard enthusiastically supports donating ko to CNCF
Jason Hall, Software Engineer
October 18, 2022
News
Sigstore is now generally available
Priya Wadhwa, Engineering Manager
October 18, 2022
Engineering
Breaking down PCI guidance for containers and container orchestration tools
Adam Dawson, Product Manager
October 14, 2022
Research
Hunting malware on package repositories
Ly D. Vu, Zachary Newman, and John Speed Meyers
October 13, 2022
Research
What’s in the CNSA Suite, and who should care?
Zachary Newman, Principal Research Scientist
October 5, 2022
Security
Putting VEX to work
Adolfo García Veytia, Staff OSS Engineer
October 3, 2022