Celebrating innovation in open source software and container image security with Chainguard Images

Kim Lewandowski, Chief Product Officer
November 1, 2023

Over the past year, Chainguard has expanded its Images inventory, reaching over one million image builds, to offer developers the freedom to build secure software with the tools and applications they know and love. 

With Chainguard Images, we have designed a first-of-its-kind approach in the market to address container image security and secure open source software development, which are foundational components of securing the software supply chain. The road to product-market fit is not defined; it is forged. And we have learned a lot refining our approach to building secure images as both a reliable and scalable enterprise product and open source community solution. Our Series B fundraising round further reinforces that we are on the right path, addressing the right open source and software supply chain security problems development and security teams face today.

Chainguard Images – which started as an experiment – has now helped organizations from the private and public sectors see a 97.6% reduction in CVEs and eliminate entire classes of vulnerabilities within their software supply chain. Chainguard Images are trusted by Snowflake, Hewlett Packard Enterprise, Sourcegraph, GitGuardian, Replicated, the United States Air Force Platform One Iron Bank and more. 

Off the shelf, Chainguard Images offer: 

  • a large inventory of popular build and development tools, applications, middleware, and language runtimes,
  • a highly performant, more secure Container Image Registry that features passwordless, short-lived token-based authentication,
  • and critical software supply chain security requirements like Software Bill of Materials (SBOMs) and verified software signatures by Sigstore.

Thank you to our customers and open source adopters 

To our early adopter customers and open source projects, thank you for believing in the benefits Chainguard Images have to offer from day one. Jumping to new solutions that haven’t been done before and moving to the bleeding edge of technology is a big step, but we’ve found a way to make living on this edge stable, reliable and secure.

To date, Chainguard Images have been pulled over 90 million times. We now also have more than 200 applications in our inventory, with over a million image builds.

We also pride ourselves on open source software principles. This is why we are committed to maintaining a free, public tier of Chainguard Images for all developers and open source maintainers to benefit from into the future.

Enterprise-ready capabilities and features 

What started as a secret project quickly turned into a way for Chainguard to revolutionize the way organizations address vulnerabilities and maintain the open source software they consume. Over the past year, we have rolled out many enterprise-ready capabilities and features across the Chainguard Images product suite, including: 

  • Tag History and Image Diff APIs: These features help enterprises understand the difference between Image builds, so they can see the speed and comprehensive updates occurring within their Chainguard Images and help determine when to update to the latest version.
  • Vulnerability comparisons: Users can now search known vulnerabilities and compare external images alongside Chainguard Images in Chainguard Academy.
  • Enterprise user management enhancements: Building user management features with the tools and platforms customers are already using is critical for helping organizations unlock the benefits of Chainguard faster. We’ve enabled organizations to integrate with Chainguard using their internal enterprise identity platform provider (IdP) like Okta, Ping, Azure AD and more via OIDC workflows. We also heard feedback from customers about their need to standardize on Terraform. The Chainguard Terraform provider is now certified and publicly available for Chainguard Images to allow for greater ability to manage accounts, users, and access permissions at scale. These user management features in Chainguard Images offer enterprises more organizational control, flexibility, and security over their accounts.
  • Cloud Marketplace expansion: Chainguard Images are now available in the AWS Marketplace. The availability of these listings makes it easier for organizations using AWS to discover, purchase, and deploy Chainguard Images in their environments or leverage existing spend and credit commits towards their Chainguard Images usage.
  • Enterprise and open source scanner support: Leading scanners like Grype, Prisma Cloud, Snyk, Trivy, and Wiz now support scans within Chainguard Images and Wolfi. This growing ecosystem of scanner support enables our Chainguard Images customers and community users to continue leveraging the tools and workflows they use today for monitoring and prioritizing vulnerability scan results.
  • Enterprise SLAs: We provide Chainguard Images customers with an SLA on vulnerability remediation for vulnerabilities detected by scanners. This means that if an update is available for one of our Images, we'll apply it within a specified timeframe, ensuring that our Images remain free of known vulnerabilities and that our customers can deploy with confidence quickly. This dramatically limits noise from your scanners, so when CVEs do show up, you can be confident that they’re real and need attention. This saves your team time triaging vulnerabilities so they can focus on business priorities and innovation.

The future to a frictionless FIPS and FedRAMP journey

Achieving zero known High/Critical vulnerabilities in container environments is a requirement for meeting or maintaining certifications for most of today’s widely-required compliance frameworks, such as FedRAMP, StateRAMP, PCI, PCI DSS, and SOC2.

The compliance use cases for Chainguard Images have received exceptional response from the market and existing customers. If you are looking for a hardened container solution that can help you reach your FedRAMP goals, Chainguard Images is the answer. Today, we provide a number of FIPS-enabled base images for popular language ecosystems and applications. We also work with customers to create FIPS-ready images for their specific application needs. With Chainguard Images, which are continuously patched and rebuilt daily for security, you can seamlessly meet rigorous compliance vulnerability scanning requirements for container security.

We’re just getting started… 

It’s true, Chainguard Images has come a long way since its early days, but our work is just beginning. With the infusion of new funding, we are going to continue elevating the user experience through real-time security advisories and vital information on vulnerability remediation and updates for OSS software. This encompasses end-of-life notifications and the introduction of new versions.

We also are focused on expanding our ecosystem from product integrations to strategic partnerships that will help make adopting and purchasing Chainguard Images seamless for organizations of all sizes and across all industries. 

We’d also be remiss if we didn’t mention further expanding our inventory of Chainguard Images. We are adding new images daily and the list is limitless for what we will build next. If you have an image that you would like to use that is not currently in our inventory, let us know.

As container adoption becomes ubiquitous across the industry, the Chainguard Images solution is one of the best ways to support and secure the next generation of container and cloud-native application development.

Reflecting on Chainguard’s remarkable journey over the past two years, it's evident that our commitment to securing the software supply chain has gained traction. We'd like to thank everyone who has joined us on this incredible journey. If you are interested in joining our team, partnering with us, or would like to try one of our Chainguard Images, please reach out.
