What I appreciate most about Chainguard is how it simplifies and strengthens software supply chain security. The platform offers transparent visibility into dependencies, vulnerabilities, and build pipelines, all without introducing unnecessary complexity. I also value its seamless integration with our existing workflows, which enables our team to identify potential issues early and maintain confidence in our software releases. The combination of automation and practical insights truly sets it apart.

I’ve been down the DIY path twice on fairly complex cloud based missions. There’s a reason we went with Chainguard!

What sets Chainguard apart is their commitment to transparency and compliance, making them a top choice for organisations with high security and regulatory requirements. If you are looking to build a secure, resilient container strategy, Changuard is worth serious consideration.

For anyone wrestling with FedRAMP, Chainguard isn't just a nice-to-have – it's your secret weapon. They make the impossible possible in managing truly secure Docker images. Don't even think about FedRAMP without putting Chainguard on your shortlist!

At Second Front, we make it faster and easier to deliver secure, compliant software to government teams and missions where security is non-negotiable. Chainguard’s Catalog Pricing gives us access to an extensive library of secure, trusted open source images. No surprises, no hoops to jump through, just the freedom to move fast with security and trust built in.

Chainguard has changed the game when it comes to remediating vulns in images.

Another shoutout to Chainguard! 🌟 Their product has proven to be incredibly reliable, working flawlessly 99.9999% of the time in my experience. Recently, we encountered a rare support issue regarding glibc in an image, and Chainguard swiftly provided a solution within just 10 minutes. Kudos to the Chainguard team for their exceptional support and efficiency! Your dedication has truly saved our engineers at Shift5 valuable time, allowing us to concentrate on enhancing our core products and services. Keep up the fantastic work! 👏

It’s been a good 2 weeks to be a @chainguard_dev customer 😎

By integrating minimal harden docker images from Chainguard with the user-friendly IDP hashtag #Backstage, the outcomes for your developers are truly remarkable (we're talking 100s of vulnerabilities per image gone 💨). ❤️ 🧨

Anduril is redefining what defense contractors look like, in part by implementing commercial technology and moving at the pace of relevance. Doing so while remaining compliant in a highly regulated environment is extremely challenging. Chainguard [Containers] help us deliver on this mission with hardened container images that lead the market in secure software development.

Chainguard has allowed us to develop at speed and scale allowing us to focus on features more than the development overhead, especially in mitigating CVEs. That said, the team that we interact with is the best part of Chainguard. Responsive, intelligent, and customer obsessed is the main reason we value and continue our relationship. Couldn't be happier.

At Snap, security is critical to maintaining the trust of our users and ensuring the integrity of our application. Chainguard's secure container images help to drive down vulnerabilities and provide us with a solid technology foundation. This, in turn, enables us to focus on scaling and innovating rapidly to deliver new features and experiences for our users,

I default nowadays to using @chainguard images with multi-stage builds for python. these base images are not only lightweight but don't have the vulns

Chainguard Containers have already helped us ensure that our containerized analytics workloads are built and run securely by default. Now, we're excited about the potential of Chainguard Libraries for Python to further strengthen our software supply chain by mitigating the risks posed by unverified dependencies and malware in the Python ecosystem.

It was so easy to migrate our service and amazing to instantly see the reduction of vulnerabilities.

This is huge. Finally a vendor that provides pre STIG'd images that both supports and maintains them. The overhead that companies incur for this work is massive. Often its duplicated across product teams for the same applications and containers.

I can’t speak highly enough about Chainguard. The ROI IBM Federal gets using Chainguard is tremendous not just for ourselves but our customers. Conversation after conversation with customers now involved Chainguard as a part of the conversation.

I know @chainguard_dev images aren't magic, but hard work.. but it's the closest thing to a magic wand for CVEs I've seen

I don’t usually post unless it’s worth your time — but if you’re in dev or security and not checking out Chainguard for your container images, you’re missing out. Seriously impressive stuff.

In our work supporting the Department of Defense, security isn't just a priority—it's a mandate. Chainguard's secure container images allow us to move fast while maintaining compliance with the most rigorous cybersecurity standards. By reducing the operational burden of patching and hardening, we can focus on delivering mission-critical solutions to our customers without compromising on security.”

Did I mention that FilterBox uses @chainguard_dev images so it’s secure af (that’s a technical term)

Chainguard already helps us reduce our attack surface while giving our teams confidence in what they're shipping. We see promise in Chainguard Libraries for Python to ensure developers can build securely from the very first line of code.

Another monthly vulnerability report to FedRAMP and DoD IL5 for our ATO Continuous Monitoring and another month with 0 FRICKING CVEs! Who can top that?I know no AI product that has 0 CVE in their entire stack. Who even remotely competes with Ask Sage, Inc.? Nobody. Thanks Chainguard for making this happen with us!

Chainguard sets itself apart by providing supply chain security through purpose-built packages in their registry, making it clear that while competitors might still be playing catch-up in the minor leagues, Chainguard is clearly in a league of its own, setting the standard for supply chain security.

Chainguard is truly doing things differently. They're building an incredible team and really disrupting 40+ year old assumptions on how to manage and deploy software. I've never been more optimistic that change is coming. As Dan Lorenc would say, "Buckle Up!".

Since adopting Chainguard the number of vulnerabilities our scanning tools have found in our services has dramatically decreased.

It has been amazing to work with Chainguard, I never would have believed that getting to a 0 CVE image would be so easy (heck, I wouldn't have believed it was even possible) before we introduced Chainguard into our workflow.

Chainguard support is excellent and fast. Chainguard images are lean, secure and easy to integrate. Updates are frequent and easy to implement. Users can pull any supported images with up-to-date features for frequency of use.

Our partnership with Chainguard enabled us to meet or exceed the rigorous standards required in highly regulated industries and government sectors where we serve our customers. By reducing the burden of patching and hardening associated with managing supply chain risks, we can increase our developers' focus on driving innovation in support of our customers' missions.

With Chainguard STIG-ready Images, our platform engineers are able to save months of engineering effort when it comes to audit and compliance readiness. A process that was once grueling and toilsome now just takes a couple of minutes.

Looking for the best distroless images on the market? Chainguard is the way to go!

With Chainguard, we're able to meet and maintain stringent compliance requirements for software vulnerabilities, and their Images product seamlessly integrates within our developer workflows, delivering instant results, and secure outcomes.

it means you 100% have vulnerabilities, that's why you use @chainguard_dev 's hardened images with ZERO vulnerabilities

Putting #security and minimalism first - I migrated Luminous Onion from a vulnerable base image to Chainguard's image built with #Wolfi dropping the vulnerabilities to a manageable 0 count! All with only 2 lines of code changed. Yes, it's really that easy! Highly recommend checking out Chainguard images for your projects.

Chainguard solves the ongoing challenge of keeping container images secure with zero CVEs instead of patching these images from week to week.

Guys. Chainguard is worth every penny. I got to go on a date with my wife last night because I didn't have to remove CVEs from my container images.

Chainguard Images have been a transformative addition to our software supply chain strategy. The minimal, hardened, and continuously verified container images significantly reduce our attack surface while ensuring compliance and operational reliability.

Rockin 0 CVEs in my base images due to Chainguard and now got an awesome shirt to tell the world! Sure there’s other ways to achieve this, but the effort on my end is minimal and I don’t have to worry about the sources of the packages. I’m not normally one to boast about a specific vendor, but 🤯.

Migrating from our team's existing images to chainguard only took about a day, and now using chainguard images totally saves us from having to deal with these CVEs, and lets us work on actual business problems, and not have to try to figure out how to patch some obscure lib install.

If you ever needed any more validation for Chainguard's mission with their "Secure Libraries" offering, this Crowdstrike supply chain attack is a great example.

In the course of deploying Chainguard [Containers] over a week we saw immediate value, an immediate attack surface reduction, and a smaller blast radius. We went from 983 vulnerabilities down to just 36.

Underrated benefit of Chainguard images, I can still pull them on hotel WiFi. 🥲

The gold star vendor: sales, onboarding implementation, support, and product

Game changer? Not many reasons not to use @chainguard_dev  images now.

We adopted Chainguard stack (melange/apko/images) at work and everyone has been super happy since. We wrote a tiny bit to automate image digest updates when we rebuild the base images.

Every time someone from the Software Supply Chain space says they have "exciting news"... my 👀 turn to @chainguard_dev  and @lorenc_dan  recent tweets. 🐙⛓️🚀

It's a remarkable thing when you introduce Chainguard [Containers] and see the vulnerability count plummet. Watching various applications go from hundreds or even thousands of vulnerabilities down to zero overnight is a really powerful testament to what Chainguard [Containers] can do.

This is something that I would recommend to any developer or business that is looking to harden their applications. Securing the base image is the first step everyone should take.

Chainguard really does look like it can transform the software supply chain for the greater good - just needs more eyes on it and commitment to adopt; I see almost no reason not to migrate services to these images; especially when there are like for like images available with what you need. Swapping a single line in your Dockerfile with a different source for your base image is all that is needed.

Security is hard on its own, and while many vendors focus on selling detection products, Chainguard does the opposite and solve a painful problem with little effort from users.

Among all the vendors I work with, Chainguard ranks very high on the list, alongside RedHat.

I recently gave the cgr.dev/chainguard/nginx container image a try, here are my learnings! Towards having more secure container images!