Build, ship and run secure software with hardened container images. Our images inventory grows daily.
If you don't see something you need, contact us.
CVE-minimized container images for every use case
Available as pure distroless or as minimal images with a package manager and a shell
Always pinned to upstream :latest
Free to use
Enterprise SLA to remediate vulnerabilities
Available as pure distroless or as minimal images with a package manager and a shell
Major and minor versions of upstream
Available through Chainguard's registry or preferred registry of choice
Access to Chainguard's console to manage images, entitlements, pull tokens, and more
Functionally equivalent to standard images with FIPS cryptographic requirements
Using OpenSSL 3.0 module that is validated by NIST for 140-3
Trust, but verify with openssl-fips-test utility
Dedicated industry-leading STIG purpose-built for DISA compliance and compatible with OpenSCAP and SCAP Viewer
Kernel-independent entropy source enables workload deployment on any kernel, hardware, and instance type