Chainguard Reviews & Product Details

Chainguard zero- and minimum-vulnerability containers help us deliver secure services and products to our customers with less effort and reduced cybersecurity risk. These containers are a 1-to-1 replacement for existing publicly available containers, and they integrate easily into our development pipelines with no additional effort. Review collected by and hosted on G2.com.

Chainguard containers are expensive. However, when I consider how many staff hours go into building and maintaining hardened, low-vulnerability containers for applications, the cost does pay off. Review collected by and hosted on G2.com.

I like the hardened images and their support for debugging and other channels. I appreciate the vLLM and OSS support along with the images that we need major upgrades for. I also like their release cadence and find their customer support to be good. I value the minimal, hardened, continuously patched base images that work with vLLM, which has a fast release cadence and evolving dependencies. I also like the immutable image tags, SBOM, and continuous rebuild features. Review collected by and hosted on G2.com.

I find the lack of easy migration guides and more FDE support frustrating. Also, the initial setup was problematic for GPU services as core NVIDIA images are not supported. Review collected by and hosted on G2.com.

I appreciate Chainguard's extensive range of catalog with more than 500 public images to choose from, which significantly enhances my experience by ensuring that an image such as Linkerd is available and likely vulnerability-free compared to other sources like DockerHub. The availability of such a vast selection of images provides us with assurance and flexibility, making it easier to maintain security standards. I value the proactive approach of Chainguard in addressing CVEs by ensuring the images are rebuilt daily, which gives me confidence in their security posture. Additionally, I find the initial setup process to be very easy, and I enjoy the self-management feature allowing me to choose the right images from the catalog effortlessly. Review collected by and hosted on G2.com.

It would be great if Chainguard's container registry could sync with AWS ECR so I could use my own private registry instead. I believe it's being worked on though. Review collected by and hosted on G2.com.

What I appreciate most about Chainguard is how it simplifies and strengthens software supply chain security. The platform offers transparent visibility into dependencies, vulnerabilities, and build pipelines, all without introducing unnecessary complexity. I also value its seamless integration with our existing workflows, which enables our team to identify potential issues early and maintain confidence in our software releases. The combination of automation and practical insights truly sets it apart. Review collected by and hosted on G2.com.

The main challenge I’ve encountered with Chainguard is that the initial setup and configuration process can be somewhat time-consuming, particularly if you’re dealing with complex pipelines or managing several environments. After the setup is complete, everything operates smoothly, but getting all the integrations in place and fine-tuning the system at the start does demand some effort. Review collected by and hosted on G2.com.

Chainguard provides a strong security approach for container images and supply chain hygiene the images are minimal and well maintained by them and fully SBOM verified with consistently updated which reduces operational risk

the platform makes it easy to adopt secure by default practices without adding overhead to CI/CD pipelines and it helps a security companies to have images with zero CVEs Review collected by and hosted on G2.com.

I think the only concern is the pricing that can be a bit high for smaller teams Review collected by and hosted on G2.com.

Chainguard’s minimalist, hardened container images with zero known CVEs, is going to significantly reduce our vulnerability management overhead. Not having to constantly chase patch cycles will save our teams countless hours.

The images are not just secure by default but gives us the confidence in both their integrity and provenance. We are currently looking at wider adoption across our teams and the society. What sets Chainguard apart is their commitment to transparency and compliance, making them a top choice for organisations with high security and regulatory requirements. If you are looking to build a secure, resilient container strategy, Changuard is worth serious consideration. Review collected by and hosted on G2.com.

This is very stage at the moment, but we look forward to working closely with Chainguard for feedbacks we get from our team as we start our wider rollout. Review collected by and hosted on G2.com.

My team had a huge backlog in JIRA of CVEs we had to remediate. Resolving a CVE takes time away from actual work, as we had to wait for the CVE to be resolved, push the fixes, verify the fixes were passing security scans, then finally backport fixes to old releases we maintained.

It all took a long time, was a major effort, and didn't scale well as we had more CVEs than I want to admit :D.

Migrating from our team's existing images to chainguard only took about a day, and now using chainguard images totally saves us from having to deal with these CVEs, and lets us work on actual business problems, and not have to try to figure out how to patch some obscure lib install. Review collected by and hosted on G2.com.

Sometimes, it's tough to troubleshoot live issues where you need to do kubectl exec into a pod. This is a somewhat rare edge case, but it's something we've run into.

It's also sometimes hard to get certain packages fully working (eg a python pandas packages needs a driver which may not be present in the base image). Review collected by and hosted on G2.com.

There is a good catalog of fips compliant images, and they support customization by adding packages directly to a base image. Review collected by and hosted on G2.com.

Some image were missing which complicated the process of migrating all our services. Review collected by and hosted on G2.com.

The container images are easy to use and provide a secure environment. Review collected by and hosted on G2.com.

The integration process is not straightforward, and the cost can be high for individual users. Review collected by and hosted on G2.com.

Chainguard Images have been a transformative addition to our software supply chain strategy. The minimal, hardened, and continuously verified container images significantly reduce our attack surface while ensuring compliance and operational reliability.

One of the biggest pain points in container security is managing outdated or bloated base images filled with vulnerabilities. Chainguard solves this brilliantly with distroless, signed images that are continuously updated and come with built-in provenance and SBOMs. It’s clear they’ve thought deeply about what modern development teams need to build secure-by-default applications.

What really sets Chainguard apart, though, is their exceptional support. From day one, their team has been proactive, responsive, and genuinely invested in our success. Whether it was help with integration, optimizing our image choices, or answering security policy questions, their support engineers went above and beyond. Their documentation is also thorough and developer-friendly, which makes onboarding smooth and intuitive.

In summary: Chainguard Images bring peace of mind to any DevSecOps team, and their world-class support makes them a true partner in software supply chain security. Highly recommended for anyone building or deploying containers in a production environment Review collected by and hosted on G2.com.

One area that could use improvement is transparency around source code and SBOM (Software Bill of Materials) access. While the images are secure and well-maintained, having easier access to corresponding source repositories and complete SBOMs—preferably in an automated or standardized format—would help us meet internal audit and compliance requirements more seamlessly. Review collected by and hosted on G2.com.