Chainguard Blog
Featured posts
The State of Trusted Open Source: March 2026
AI is accelerating software and CVE growth. Chainguard’s latest report shows rising risk in the long tail and how teams can stay secure at scale.
Ed Sawma, VP of Product Marketing, and Sasha Itkis, Product Analyst
Everything we announced at Chainguard Assemble 2026
Catch up on all the announcements Chainguard made at Assemble 2026, featuring AI agent skills, CI/CD workflows, and more.
Patrick Donahue, SVP, Product
Security insights delivered before they become problems
Latest updates
- product
The haunting silence of CVE-Unknown: Unveiling the secrets of silent fixes
John Speed Meyers, Principal Research Scientist
- product
Announcing Bazel rules for extending Chainguard Images
Adam Dawson, Principal Product Manager at Chainguard and Alex Eagle, Aspect
- news
Check out Chainguard at KubeCon NA in Chicago on November 6-9!
Will Dolinsky, Content Marketing Specialist
- product
The unmasking of the Phantom's Masquerade: When junk CVEs reveal their true nature
John Speed Meyers, Principal Research Scientist
- product
Introducing Chainguard Images for Node.js LTS 20, Python 3.12 and OpenJDK/JRE 21
Adam Dawson, Principal Product Manager
- security
Chainguard’s response to CVE-2023-38545 and CVE-2023-38546 in curl
Dan Luhring, Staff Software Engineer
- product
The haunting of CVE-2022-3474: A ghostly tale of package detection failure
John Speed Meyers, Principal Research Scientist
- open source
VEXed? Then Grype about it: Chainguard and Anchore announce Grype supports OpenVEX
Adolfo Veytia, Alex Goodman, Dan Luhring, and John Speed Meyers
- engineering
Conquering your Build Horizon
Matt Moore, CTO & Co-Founder
- security
Why Chainguard uses Grype as its first line of defense for CVEs
Dan Luhring, Staff Software Engineer
- security
Understanding attacker techniques in distroless containers
Adrian Mouat, Staff DevRel Engineer
- product
The haunting of CVE-2023-2454: A developer's nightmare
John Speed Meyers, Principal Research Scientist