Sold by: Chainguard
Deployed on AWS
Chainguard Images are a collection of minimal, hardened container images that are patched and rebuilt daily, and come with low-to-zero known CVEs, SLSA 2 compliance, signatures, and SBOMs.
4.8
Overview
Chainguard Images are a collection of minimal, hardened container images. They only contain what is required to build or run your application, delivering on average a 97.6% reduction in CVEs. Each Chainguard Image is patched and rebuilt daily from source with the latest security fixes and CVE remediations, resulting in low-to-zero known CVEs, verifiable image signatures and attestations, high-quality SBOMs, and SLSA Level 2 - Build compliance.
The Chainguard Images inventory contains images for the most popular base images, including Go, Python, Ruby, PHP, Node, and more; and a selection of common developer tools, applications, data products, and servers.
Chainguard Production Images are available for FIPS compliance, major and minor versions, enterprise SLAs, and customer support. Chainguard offers custom pricing through AWS Marketplace Private Offers.
Chainguard provides custom pricing for customers via Private Offer. Please contact AWS-marketplace@chainguard.dev for more information on our pricing model. Pricing displayed is per Image.
Highlights
- Low-to-zero known CVEs with daily patches and rebuilds
- Full SLSA Build Level 2 provenance, signatures, and SBOMs
- Images with FIPS validation available upon request
Details
Sold by
Categories
Delivery method
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Trust Center
Access real-time vendor security and compliance information through their Trust Center powered by Drata or Vanta. Review certifications and security standards before purchase.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
Starter Images | :latest version of OSS packages | $0.00 |
Application Image | The listed pricing is for illustrative purposes only and does not reflect actual pricing, which will be provided upon request, exclusively as part of a private offer from Chainguard | $0.01 |
Base Image | The listed pricing is for illustrative purposes only and does not reflect actual pricing, which will be provided upon request, exclusively as part of a private offer from Chainguard | $0.01 |
FIPS Image | The listed pricing is for illustrative purposes only and does not reflect actual pricing, which will be provided upon request, exclusively as part of a private offer from Chainguard | $0.01 |
AI Image | The listed pricing is for illustrative purposes only and does not reflect actual pricing, which will be provided upon request, exclusively as part of a private offer from Chainguard | $0.01 |
Standard CSM | The listed pricing is for illustrative purposes only and does not reflect actual pricing, which will be provided upon request, exclusively as part of a private offer from Chainguard | $0.01 |
Vendor refund policy
Contact us for refund information
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Chainguard
By RapidFort Inc
By Center for Internet Security
Top
10
In Application Stacks, Operating Systems
Top
100
In Collaboration & Productivity, Application Development
Top
25
In Compliance and Auditing
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Daily Security Patching and Rebuilding
Container images are patched and rebuilt daily from source with the latest security fixes and CVE remediations.
Vulnerability Reduction
Minimal, hardened container images delivering on average a 97.6% reduction in CVEs with low-to-zero known vulnerabilities.
Supply Chain Security Compliance
Full SLSA Level 2 - Build compliance with verifiable image signatures, attestations, and high-quality SBOMs.
Multi-Language Runtime Support
Pre-built images available for popular programming languages and runtimes including Go, Python, Ruby, PHP, and Node.
FIPS Compliance Availability
Production images with FIPS validation available for regulatory compliance requirements.
Automated Vulnerability Remediation
Automatically removes up to 95% of CVEs without requiring code changes, reducing vulnerability and patch management backlogs.
Daily Security Patching and Hardening
Curated images are patched and hardened daily from source with latest security fixes and CVE remediations, resulting in Zero or Near-Zero CVEs.
Software Bill of Materials Generation
Generates high-quality SBOMs in multiple formats including raw JSON, SPDX, and Cyclone DX to address software supply chain and compliance requirements.
CI/CD Pipeline Integration
Integrates with CI/CD pipelines and container deployment platforms through simple API calls.
Build Compliance Certification
Achieves SLSA Level 2 Build compliance for container images and applications.
Security Hardening Standard
Image hardened according to CIS Benchmark Level 2 profile developed through consensus-based process and accepted by government, business, industry, and academia.
Regulatory Compliance Support
Supports compliance with PCI DSS, FedRAMP, DoD Cloud Computing SRG, FISMA, and select NIST publications.
Container Orchestration Optimization
Pre-configured and optimized for use with Amazon Elastic Container Service for Kubernetes (EKS) on Amazon EC2.
Security Configuration Hardening
Includes hardened account and local policies, firewall configuration, and computer-based and user-based administrative templates aligned with industry best practices.
Conformance Assessment and Documentation
Includes CIS Configuration Assessment Tool (CIS-CAT Pro) reports and detailed documentation of hardening changes, package modifications, and exceptions applied to the image.
Standard contract
No
No
Customer reviews
Souhardyya Biswas
Pre-hardened container images have reduced vulnerabilities and improve our security posture
Reviewed on May 31, 2026
Review provided by PeerSpot
What is our primary use case?
Chainguard Containers was a tool brought into my enterprise as a proof of concept that we evaluated, but we have not rolled it out for enterprise usage.
Our main use case for Chainguard Containers during the evaluation period was for hardened images, as we do not have a central source of hardened images for all use cases in the enterprise. Chainguard was a solution that proposed we could use their offering as a source of pre-hardened or pre-vetted images.
During our evaluation, we were trying to use Chainguard Containers for hardened images such as various types including Debian , UBI, Dynatrace , Nginx, and other similar images. We were attempting to see what Chainguard offers and then run a scan on them with their tools to see how hardened they are in terms of vulnerabilities.
What is most valuable?
Based on my evaluation, the best features Chainguard Containers offers are pre-hardened images. They are now adding pre-hardened libraries as well, but the pre-hardened base operating systems are what we were looking for, and Chainguard offers this and does a pretty good job except for the fact that many of their images are Alpine-based, which are not that friendly with Kubernetes native environments.
I find the quality and security of those pre-hardened images compared to what we were using before to be absolutely solid, as they are minimal images, small in size, and clean.
Chainguard Containers has positively impacted my organization even during the proof of concept phase by improving our security posture. Some of our groups ended up using Chainguard base operating systems for their container images, and that led to improved security posture and fewer vulnerabilities. There was a reduction in vulnerabilities for the teams that were using Chainguard.
What needs improvement?
The only limitation or challenge that stood out during my evaluation of Chainguard Containers was the fact that it is primarily based on Alpine, which can be tricky to use in native Kubernetes environments, as we use Tecton primarily, which is a CI/CD pipeline that runs on native Kubernetes.
What other advice do I have?
I am not familiar with Chainguard Containers' AI capabilities.
Regarding the governance and security of those AI features, I was not and am not familiar with the AI features of Chainguard Containers.
I did not have any experience with the accuracy and reliability of output of Chainguard Containers' AI capabilities.
Chainguard Containers is primarily based on Alpine, and most of their images follow this pattern.
I would rate this review an eight overall.
Moshika S.
Great Product Innovation Backed by Outstanding Customer Service
Reviewed on Mar 17, 2026
Review provided by G2
What do you like best about the product?
Great Customer service, our account manager is so on top of things! Great product and continued innovation
What do you dislike about the product?
.Net availability for Chainguard libraries isn’t available yet and not sure if it’s on the roadmap.
What problems is the product solving and how is that benefiting you?
Low resource needs for CVE resolution
Financial Services
Seamless CI/CD Integration and Transparent SBOMs with Chainguard Libraries
Reviewed on Mar 17, 2026
Review provided by G2
What do you like best about the product?
The seamless integration with our existing CI/CD pipeline, along with Chainguard’s transparency through SBOM and the overall Chainguard Libraries experience.
What do you dislike about the product?
I antipate Chainguard's capability to audit which JS Libraries appear from Chainguard vs NPM even after they're drawn through JFrog/Arctifactory.
What problems is the product solving and how is that benefiting you?
Transparency and risk mitigation.
Aaron S.
Secure and Seamless Software Delivery
Reviewed on Mar 17, 2026
Review provided by G2
What do you like best about the product?
I appreciate how Chainguard reduces CVEs through its secure-by-default model and fast remediation time. I'm impressed by Chainguard's dedication to secure software delivery and its continuous expansion of complementary products. The company exhibits the passion of a startup combined with the dedication of a well-developed organization. I also find it extremely easy to add the nightly downloads to Artifactory and integrate them into GitLab pipelines. Additionally, I use complementary products like libraries, advisories, and soon-to-come agent skills, which are quite beneficial.
What do you dislike about the product?
I don't like compensating for bad vendor practices like vulnerable code being in library and mod files. While not executable, this causes administrative headaches.
What problems is the product solving and how is that benefiting you?
I use Chainguard to secure containers and libraries. It reduces CVEs with a secure by default model and offers fast remediation.
Accounting
Strong Security and a Great Experience So Far
Reviewed on Mar 17, 2026
Review provided by G2
What do you like best about the product?
Chainguard is getting a lot of attention because it solves a very real (and growing) problem: software supply chain security—basically making sure the code and containers you run aren’t quietly compromised.
What do you dislike about the product?
Nothing yet it can be expensive. Learn g curve
What problems is the product solving and how is that benefiting you?
Chainguard is getting a lot of attention because it solves a very real (and growing) problem: software supply chain security—basically making sure the code and containers you run aren’t quietly compromised.