We are excited to share some progress we’ve made on Chainguard Enforce, the first comprehensive software supply chain risk management platform. Starting today, Chainguard Enforce is generally available, and we are expanding our early access program to make it easier for organizations to try it out. We’re also announcing some new features including: "agentless" mode, SOC2 Type 1 certification, a catalog of predefined security policies with alerting, custom integrations, and more! With Chainguard Enforce, organizations can focus on delivering software efficiently throughout every step of the software development lifecycle, while securing their environments with real-time policy decisions, and access to critical security metadata for incident management.
Attacks are happening at each and every point along the chain, from the way code gets built, to its deployment, to how it’s run and then packaged and shipped to end users. Because software supply chain security covers the entire development lifecycle, it isn’t like other areas in security where point solutions can solve it. An iterative approach to addressing the security of the entire software supply chain is needed to make long-term progress. Chainguard Enforce has been designed to help organizations on this journey ensure only trusted container images are allowed to move through their supply chains and be deployed to their clusters.
What’s new in Chainguard Enforce
Enhancing the core capabilities of real-time policy enforcement and continuous verification in Chainguard Enforce, the general availability launch adds the following new capabilities:
Even though our agent carries a minimal footprint that remains low during heavy use, we heard the feedback loud and clear: “we don’t want to install anything else in our cluster!” Ok! Now Chainguard Enforce supports multiple ways to connect a Kubernetes cluster. Use it by installing the agent, or use it without. Agentless mode is a zero-footprint connection for Kubernetes clusters running in supported cloud providers.
Easy-to-Use Dashboard for Immediate Visibility
The Chainguard Enforce dashboard provides complete visibility into your software supply chain security posture. Chainguard Enforce scans your existing clusters and provides real-time insight into your signed (and unsigned) images as well as a view into which packages contain SBOMs. You can also easily create cluster-level policies that ensure only trusted software is being deployed in your environment, and easily deploy these policies to multiple clusters in your fleet with a single step.
How compliant are the images in your clusters? What package types are deployed? Which deployed policies have SBOMs? The updated Chainguard Enforce UI will help you instantly understand and remediate based on our auto-discovery and continuous compliance verification.
In-depth diagnostics and alerting help you understand WHY your images, pods, and clusters are not compliant and how to address it.
See every base image and package that’s running anywhere in any of your clusters.
SOC2 Type 1 Certification
We’ve received our SOC 2 Type I report! We know SOC2 compliance is a requirement for many organizations, and we believe in following all the latest security best practices. We are happy to provide the report upon request.
Chainguard Enforce includes basic policy definitions on cryptographic signatures and also richer policy definitions based on provenance data, attestations, and SBOMs. We’ve expanded our set of curated policies based on customer feedback, and our own use of Chainguard Enforce. New policies to highlight include: checking to see if an SBOM is available or not, and checking to see if any critical vulnerabilities exist. Running a multi-cluster environment? No problem! Distributing policies across your entire organization couldn’t be easier.
Chainguard Enforce lets you manage supply chain security policy and compliance using your favorite modern tools and applications. We’ve integrated with Slack, CloudEvents, and more, providing rich alerting capability. Enforcement and policy integrations can support your existing policy infrastructure like OPA Gatekeeper and Styra. We also have a Terraform provider for automation, integration with Vault, CloudKMS, and more!
Chainguard represents the next generation of software security, one that embodies a new culture of software development where security is built in, not bolted on. As we expand the capabilities in Chainguard Enforce, we’re sliding further left to cover more areas of the entire software development lifecycle including at commit and package time. Chainguard Enforce is ready for organizations to start using today.
Sign up on our website here to get an invitation for a free trial!