Fork Yeah: We’re Bringing Kaniko Back

Every once in a while, a small side project becomes load-bearing in ways you never could have anticipated. More than seven years ago, Priya Wadhwa accidentally created one of those when she started building Kaniko at Google on the Container Tools team. There was no way to build Docker images inside a Kubernetes cluster at the time, so we decided to try to fix that with the ugliest, nastiest, “this is never going to work”-iest hack imaginable. But it turned out to actually work? And it wasn’t as slow as we thought it would be. Then we figured out a whole bunch of cool ways to make it work faster than a normal Docker build in a bunch of important scenarios. Thus, Kaniko was born.

Since then, the project has garnered a surprising amount of adoption, from the financial services sector to critical pipelines in the defense and public sector spaces. There’s simply still no better option available today for those environments when you can’t run a privileged container.

But this week, Google quietly announced they were going to archive the project. This isn’t a huge surprise — new feature development has been slowing down for a long time and Google isn’t known for keeping projects like this running.

We were determined to keep it running for the many organizations who depend on it, so we forked it: https://github.com/chainguard-dev/kaniko 

Why?

Because Chainguard’s mission is to be the safe source for open source. That means taking responsibility for the tools the software supply chain depends on — especially when they’re at risk of being left behind.

Kaniko aligns perfectly with how we see the future: ephemeral, sandboxed, minimal, and secure-by-default. It helped pave the way for modern container security, and it deserves to move forward, not fade into neglect.

What’s Next?

We’re taking over maintenance, and we’re already triaging long-standing issues. That said, we aren't planning to add new features. We'll do our best to merge minor bug fixes. The plan is to keep it open and upstream — this isn’t a Chainguard-exclusive fork — and we’ll invest in making it better for everyone.

If you use Kaniko today: you’re good. Swap the repo and move on.

If you don’t use Kaniko: buckle up. We’ll make it even easier to adopt as part of secure CI/CD pipelines, especially alongside Chainguard Containers and Chainguard OS.

Bigger Picture

Google is focused elsewhere. That’s expected at a massive company — priorities shift, and products and projects come and go. We’re not here to chase them.

At Chainguard, we stay focused on the hard work. We maintain the catalogs. We patch the CVEs. We fork critical tools when no one else will. We care when your build breaks.

That’s the difference.

Kaniko may have started at Google. But its future is with us.