# Chainguard

> Chainguard provides minimal, hardened container images, malware-resistant language libraries, and VM images with CVE remediation and compliance support for secure software supply chains.

Chainguard delivers minimal, trusted container images, language libraries built from source, and hardened VM images designed to reduce vulnerabilities and simplify compliance for production workloads. The platform combines continuously rebuilt artifacts, SLSA-backed build infrastructure, and a CVE remediation SLA to help engineering and security teams standardize on secure upstream artifacts. Chainguard offers free starter images for testing and enterprise production images with remediation SLAs, private repositories, and a management console for entitlements and pulls.

- **Minimal, zero-CVE images** — Use Chainguard Containers to replace vulnerable base and application images with minimal, distroless variants that reduce attack surface; get started by pulling Starter Images or requesting Production Images for your registry.
- **CVE remediation SLA** — Production Images include a CVE remediation SLA (timelines stated per tier) to accelerate fixes; engage Chainguard sales to onboard and receive SLA-backed updates.
- **Malware-resistant libraries** — Chainguard Libraries are built from source with full dependency trees and code signatures; integrate them into your artifact manager to standardize developer dependencies.
- **Hardened VM images** — Chainguard VMs provide minimal container hosts optimized for cloud providers; deploy via your cloud marketplace or custom images workflow.
- **Supply-chain tooling and Console** — Manage images, entitlements, and pull tokens with the Chainguard Console and integrate scanners and artifact managers to automate policy and compliance checks.

To get started, use the public Images Directory for Starter Images, evaluate guarded Production Images with a sales/demo request, and integrate Chainguard’s registry or mirror images into your CI/CD pipelines and registries.

## Features
- Minimal, distroless container images
- CVE remediation SLA for Production Images
- Malware-resistant language libraries built from source
- Zero-CVE VM images optimized for cloud hosts
- Build-time SBOMs and SLSA Level 2 build infrastructure
- Private APK repositories and Custom Assembly tooling
- Chainguard Console for image and entitlement management
- Scanner support and security advisory feeds

## Integrations
Container registries, Security scanners, Artifact managers, Cloud service providers

## Platforms
WEB, API, LINUX

## Pricing
Open Source, Free tier available

## Links
- Website: https://chainguard.dev/
- Documentation: https://edu.chainguard.dev/
- Repository: https://github.com/chainguard-dev
- EveryDev.ai: https://www.everydev.ai/tools/chainguard