Chainguard is a 3-month-old startup in the software supply chain security industry. The mission of Chainguard is to make the software lifecycle secure by default.
Sounds kinda vague. Do you have a product?
No. Not yet. We have some exciting ideas though, and are working on them right now!
Do you offer consulting services?
No. Not quite. We are working with a small set of companies and open source projects to gain a deeper understanding of the problem space first. Those interested can sign up here.
Why all the hype?
Software has eaten the world, but unfortunately software breaches hit record highs in 2021. As a result, securing the software supply chain has leapt to the top of every company’s imperatives for 2022. Oh, and the White House cares too.
Chainguard is responding by building a team of amazing folks who truly understand open source, not least because they have helped create amazing projects like minikube, knative, sigstore and tekton. To match the stunning pace the industry needs to move at, we’ve grown to a team of 15 and counting.
How will you solve problems in this space?
We don’t have all the answers yet, but we do know that supply chain security *is* open source security. Organizations not only have to worry about their internal software supply chains; they also depend heavily on open source and on other vendors' supply chains, and they inherit the risk of both. The entire practice of transferring code or artifacts relies on strict interoperability, so any solution to supply chain security must be open source. The sigstore project is one of the most rapidly adopted projects in the space.
WTF is sigstore? Is anybody using it?
Sigstore is a new standard for signing, verifying and protecting software. This week alone sigstore has been adopted by: