Today, Chainguard was named in the first edition of the Redpoint InfraRed 100, a comprehensive list of the next 100 promising private companies in Cloud Infrastructure. This curated selection of companies represents the next generation of leaders in the industry, poised to make a significant impact in the cloud infrastructure market.
Redpoint Ventures is a leading venture capital firm with a diverse portfolio of successful companies including Twilio, Looker, Nextdoor, Ramp, Stripe, NuBank, Hashicorp, Snowflake, Netflix, Hims, and more.
“It’s an honor to be included in the first ever InfraRed 100 alongside such an impressive cohort of cloud infrastructure companies. We built Chainguard because we saw a critical gap in cloud native tooling that was inhibiting developers ability to build software from the start that is secure by default,” said Dan Lorenc, CEO and Co-founder of Chainguard. “Our thanks to Redpoint and Nasdaq for recognizing the work of our amazing team at Chainguard and congratulations to all companies recognized on the list, including two Chainguard customers Sourcegraph and Replicated.”
Few organizations right now can say with confidence that they know where every piece of software that is running in their environments came from, let alone that it is from a source they trust. There is no silver bullet product for software supply chain security. The first step is to know what software you are running, where it's running, how risky it is and how to fix it. Once you have this single pane of glass view into your workloads, you can start to enforce policies for software security best practices across your development teams such as cryptographic signatures and SBOMs to improve the integrity of your software. Here’s how Chainguard helps:
Chainguard Images, our minimal, hardened container images, form the base layer of our software supply chain security platform, and delivering this foundational infrastructure in as secure of a manner as possible is, well, critical to everything we do. At the ground-level, vulnerability triage and management is a major pain point for organizations that are trying to achieve compliance and/or want to build faster, safer.
Our suite of minimal, hardened container images are continuously updated and tested for security and only contain what is required to build or run an application—delivering on average a 97.6% reduction in CVEs.
We also provide organizations with an SLA for vulnerability remediation. This means that if a vulnerability is detected in one of our images, we'll remediate it within a specified timeframe, ensuring that our customers can deploy our images with confidence. This dramatically limits noise from your scanners, so when CVEs do show up, you can be confident that they’re real and need attention. Chainguard Images also include cryptographic signatures and come with SBOMs at build-time so developers can be confident that they're building with a secure foundation.
Chainguard Enforce provides full visibility into what’s in your software supply chain – you no longer have to guess or hope, you know what software is where, how it's used and if it's trusted. For software integrity and verification, Enforce provides capabilities to create policies for requiring signatures and SBOMs for all software artifacts. The platform also allows you to improve time to remediation when new vulnerabilities are disclosed because you have visibility into where vulnerable software is running in your environments.
At Chainguard, we’re working every day to make the software supply chain secure by default, and we do this by offering solutions that allow developer and engineering teams to build software right and secure from the start. You don't fix a weak link in any chain, software or otherwise, by bolting a strong link on after it. Securing the software supply chain begins with developers and permeates every step of the way as code gets deployed to production.
In addition to being listed to the Infrared 100, Chainguard has also been recognized as an IDC Innovator and 2023 Gartner Cool Vendor in Platform Engineering for Scaling Application Security Practices.
Chainguard is helping organizations across the federal, financial, health and technology sectors lock down their supply chains. If you're drowning in vulnerabilities or you need to meet an upcoming compliance audit, get in touch.