Chainguard + Booz Allen: Delivering Trusted Open-Source Software to U.S. Government Agencies

Tom White, Senior Director, Public Sector Partners

We’re excited to announce a new partnership between Chainguard and Booz Allen. Together, we’re helping U.S. government agencies and defense programs strengthen the security of their software supply chains while accelerating their ability to deliver on mission outcomes.


Why this partnership matters


Government agencies today face enormous pressure to modernize their software practices while keeping up with strict security and compliance requirements. From navigating long continuous authorization-to-operate (ATO) processes to addressing supply chain risks flagged in federal mandates, agencies need solutions that let them move faster while staying secure from the start.


That’s exactly why Booz Allen and Chainguard are natural partners. By combining Booz Allen’s mission expertise with Chainguard’s secure-by-default open-source software, we’re helping federal programs eliminate vulnerabilities, save engineering time, and accelerate compliance timelines.


This partnership is focused on four key areas:


  • Joint go-to-market initiatives to better serve federal clients.

  • Co-solutioning opportunities that embed trusted open-source software directly into mission-critical systems.

  • Partner enablement to expand secure software adoption.

  • Training and education for federal teams at scale.


Results we’re already seeing


This isn’t just a plan—it’s already delivering impact. In one defense-related program, Booz Allen engineers used Chainguard’s technology to accelerate an ATO process that had been stalled for nearly a year. With Chainguard’s hardened containers, they achieved approval in just eight weeks.


In the first year alone, Booz Allen’s engineers avoided countless common vulnerabilities and exposures (CVEs), saving thousands of engineering hours. That’s time that can now be spent on delivering mission outcomes instead of chasing vulnerabilities.


Chainguard Containers: secure by default


At the heart of this partnership are Chainguard Containers and our continuously updated catalog of over 1,700 zero-CVE container images. Each image is built from source in hardened infrastructure, comes with signed software bills of materials (SBOMs) and attestations, and is hardened with Federal Information Processing Standards (FIPS)-validated cryptography.


For federal agencies, this means reduced attack surface, simplified compliance, and more time spent building and innovating instead of patching. With Booz Allen’s deep federal expertise, we’ll be able to more easily bring secure-by-default software directly into the government ecosystem.


Looking ahead


We’re just getting started. Together with Booz Allen, we’re committed to giving government agencies the trusted tools, expertise, and support they need to build and deploy secure software from day one.


To learn more about how Chainguard helps federal agencies strengthen their software supply chains, visit chainguard.dev/solutions/public-sector.
