Chainguard
Chainguard, founded by former Google engineers with deep expertise in Linux distributions and supply chain security, is a provider of hardened, continuously updated, “zero-CVE” open-source software packages, from base operating system images to minimal container images, language libraries, and virtual machine appliances. The company focuses on devsecops teams, with solutions designed to give both developers and security architects a more trustworthy foundation for building and running software.
The flagship offering is a rolling Linux distribution backed by security SLAs: seven days for critical vulnerabilities and 14 for others, though the average fix time is under 48 hours, according to the company. Chainguard says it maintains a growing catalog of more than 1,600 container images, expanding by about 100 per month, each built directly from upstream source rather than derived from another distribution. This “farm-to-table” approach ensures the entire toolchain, including compilers, runtimes, and dependencies, is rebuilt, retested, and re-released within hours of an upstream update.
Chainguard Libraries are secure builds of widely used Java and Python packages, with Node.js libraries next on the roadmap. Chainguard says that building libraries from source addresses a common gap, where developers fetch third-party code directly from the internet without the protections of a packaged distribution. A third product line, Chainguard Virtual Machines, applies the same minimal, hardened philosophy to purpose-built VM appliances, often used as Kubernetes worker nodes or in scale-out cloud deployments. In many cases, container images from the Chainguard catalog can be rendered as bootable VM appliances for workloads that require full OS-level access to hardware resources.