Chainguard Containers are a guarded catalog of minimal, zero-CVE container images with a best-in-class CVE remediation SLA (7 days for critical severity, 14 days for high, medium and low) that helps customers build and deploy software better.
Modern software development practices and deployment pipelines require secure, up-to-date containerized applications for cloud-native applications. Chainguard builds minimal images that contain only the components required to build and run your containers entirely from source in hardened build infrastructure. Aimed at engineering organizations and security teams alike, Chainguard Containers reduce costly engineering toil around vulnerability management, enhance the security posture of applications by eliminating attack surface, and unlock revenue by simplifying compliance with key frameworks and customer requirements.
Chainguard Containers – Value Pillars
• Reduce cost of engineering toil: Engineers are a precious resource meant for building innovative platforms and products, not non-strategic / un-differentiated toil like patching vulnerabilities
• Secure foundation for open source software: Minimal, trusted, and secure open source components for every developer and every stack
• Achieve and maintain continuous compliance: Easily operate in compliance frameworks such as FedRAMP, cATO, StateRAMP, PCI-DSS, HIPAA, SOC2, NIS2, and CMMC
• Accelerate revenue by building better products faster: Enable engineers to deliver new products and better features, securely with speed
Chainguard Containers – Key Capabilities
• Best-in-class CVE remediation SLA: Count on an industry-leading remediation SLA of 7 days for critical CVEs and 14 days for high, medium, and low
• Secure-by-default, transparent by design: Adopt trusted, zero-CVE container images with full build-time generated SBOMs and digitally signed attestations for total transparency
• FIPS and STIGs to simplify continuous compliance: Maintain compliance for critical frameworks like FedRAMP, PCI-DSS, and SOC 2 with hardened images that come with kernel-independent FIPS validation and OS-Level STIGs by default
• 1,300+ purpose-built images that are always up to date: Choose from our growing catalog of minimal container images rebuilt from source daily with “nano-updates,” eliminating major OS version upgrades
