Chainguard is a 3-month start up in the software supply chain security industry. The mission of Chainguard is to make the software lifecycle secure by default.
No. Not yet. We have some exciting ideas though, and are working on them right now!
No. Not quite. We are working with a small set of companies and open source projects to gain a deeper understanding of the problem space first. Those interested can sign up here.
Software has eaten the world, but unfortunately software breaches hit record highs in 2021. As a result securing the software supply chain has leapt to the top of every company’s imperatives for 2022 - oh and the White house cares too.
Chainguard is responding by building a team with amazing folks who truly understand open source - not least because they have helped create amazing projects like minikube, knative, sigstore and tekton. To match the stunning pace the industry needs to move at, we’ve grown to a team of 15 and counting.
We don’t have all the answers yet but we do know that supply chain security *is* open source security. Organizations not only have to worry about their internal software supply-chains, but are also vastly dependent on and incur the risk of open source they rely on and other vendors' supply chains. The entire practice of transferring code or artifacts relies on strict interoperability - so any solutions to supply-chain security must be open source. The sigstore project is one of the most rapidly adopted projects in the space.
Sigstore is a new standard for signing, verifying and protecting software. This week alone sigstore has been adopted by:
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.
