Chainguard Blog
Featured posts
The State of Trusted Open Source: March 2026
AI is accelerating software and CVE growth. Chainguard’s latest report shows rising risk in the long tail and how teams can stay secure at scale.
Ed Sawma, VP of Product Marketing, and Sasha Itkis, Product Analyst
Everything we announced at Chainguard Assemble 2026
Catch up on all the announcements Chainguard made at Assemble 2026, featuring AI agent skills, CI/CD workflows, and more.
Patrick Donahue, SVP, Product
Security insights delivered before they become problems
Latest updates
- news
Sigstore is now generally available
Priya Wadhwa, Engineering Manager
- news
Chainguard at KubeCon North America: October 24-28!
Chainguard Team
- engineering
Is CVE-2022-42889 the next Log4Shell? Not really.
Ariadne Conill, Principal Software Engineer
- open source
Chainguard enthusiastically supports donating ko to CNCF
Jason Hall, Software Engineer
- research
Hunting malware on package repositories
Ly D. Vu, Zachary Newman, and John Speed Meyers
- research
What’s in the CNSA Suite, and who should care?
Zachary Newman, Principal Research Scientist
- security
Putting VEX to work
Adolfo García Veytia, Staff OSS Engineer
- news
What’s software supply chain security got to do with the State of DevOps Report? A Lot.
John Speed Meyers, Principal Research Scientist and Todd Kulesza (Google)
- engineering
What's new in SPDX 2.3?
Adolfo García Veytia
- news
Learn to build software that is secure by default with Chainguard Academy
Lisa Tagliaferri, Director of Developer Education
- product
Introducing Wolfi: The first Linux (un)distro designed for securing the software supply chain
Dan Lorenc, CEO
- news
Top 5 Takeaways on the NSA / CISA / ODNI Developer Guidelines for Securing the Software Supply Chain
Dan Lorenc, CEO