Chainguard x Azul: Secure Java Containers without Compromise

We’re excited to announce a strategic partnership with Azul that brings its curated OpenJDK® distributions to the Chainguard Catalog. Built entirely from Azul source code inside the Chainguard Factory, our Azul OpenJDK containers deliver the minimal, zero-CVE images you expect from Chainguard—while preserving every benefit of Azul’s world-class commercial support. Together, Chainguard and Azul provide a streamlined, secure foundation for Java applications that reduces risk, accelerates delivery, and finally eliminates the trade-off between security and support.

In the following blog post, we’ll dive into the motivations behind this partnership, and the benefits Chainguard and Azul hope to deliver to our customers.

Security vs. Support: The Old Java Trade-Off

Java powers everything from customer-facing banking portals to the behind-the-scenes services that keep planes in the air. To run those workloads with confidence, teams need two non-negotiables: timely, vulnerability-free builds and on-demand commercial expertise. Historically, they could pick only one: enterprise distributions delivered 24/7 SLAs, but arrived in noisy containers loaded with lingering CVEs, while hardened images reduced risk, yet left engineers without a hotline when issues hit production. By combining Chainguard’s zero-CVE build pipeline with Azul’s best-in-class support, we’ve eliminated that compromise once and for all.

A streamlined, secure foundation for Java

Chainguard eliminates the support-versus-security dilemma by building Azul’s OpenJDK binaries entirely from Azul’s source code inside the Chainguard Factory. That process lets us continuously rebuild and distribute minimal, zero-CVE container images of Azul OpenJDK. To spare teams the burden of patching or retesting images, every build passes the full Java Compatibility Kit/Technology Compatibility Kit (JCK/TCK) and our own rigorous security test suite. The result is a single hardened artifact that strengthens software supply chain security, reduces engineering toil, and boosts developer productivity for our shared customers.

“Our customers need solutions that reduce risk and build trust at every layer of their modern software deployment stack. Today, we’re bringing Chainguard’s expertise in building minimal, zero-CVE images and Azul’s expertise in Java together to create the most secure, commercial-grade containers for cloud-native workloads.”

“Choosing a hardened container shouldn’t mean sacrificing timely security-only updates and commercial support services for your Java runtimes. Today, we’re excited to offer enterprises best-in-breed hardened Java containers from Chainguard while leveraging world-class commercial support from Azul”

The Safe Source for All Software 

Chainguard’s vision has always been to build the safe source for open source. Now, we’re taking the first step towards securing all software. This partnership marks the beginning of Chainguard applying our Factory not just to open-source packages but also to Azul’s Zulu OpenJDK distribution. We’re taking this step because modern enterprises need both zero-CVE containers and best-in-class vendor support to ship software with confidence. Azul is only the beginning—we’re eager to work with other technology providers who want to deliver secure, minimal container images to their customers through the Chainguard platform.

Joint customers consuming these new Azul Java container images via Chainguard Containers will receive commercial Java support services through the Azul Platform Core offering. More information on the partnership can also be found here.