Listing Thumbnail

    Chainguard Images

     Info
    Sold by: Chainguard 
    Deployed on AWS
    Chainguard Images are a collection of minimal, hardened container images that are patched and rebuilt daily, and come with low-to-zero known CVEs, SLSA 2 compliance, signatures, and SBOMs.
    4.7

    Overview

    Chainguard Images are a collection of minimal, hardened container images. They only contain what is required to build or run your application, delivering on average a 97.6% reduction in CVEs. Each Chainguard Image is patched and rebuilt daily from source with the latest security fixes and CVE remediations, resulting in low-to-zero known CVEs, verifiable image signatures and attestations, high-quality SBOMs, and SLSA Level 2 - Build compliance.
    The Chainguard Images inventory contains images for the most popular base images, including Go, Python, Ruby, PHP, Node, and more; and a selection of common developer tools, applications, data products, and servers.
    Chainguard Production Images are available for FIPS compliance, major and minor versions, enterprise SLAs, and customer support. Chainguard offers custom pricing through AWS Marketplace Private Offers.

    Chainguard provides custom pricing for customers via Private Offer. Please contact AWS-marketplace@chainguard.dev  for more information on our pricing model. Pricing displayed is per Image.

    Highlights

    • Low-to-zero known CVEs with daily patches and rebuilds
    • Full SLSA Build Level 2 provenance, signatures, and SBOMs
    • Images with FIPS validation available upon request

    Details

    Delivery method

    Deployed on AWS
    New

    Introducing multi-product solutions

    You can now purchase comprehensive solutions tailored to use cases and industries.

    Multi-product solutions

    Features and programs

    Trust Center

    Trust Center
    Access real-time vendor security and compliance information through their Trust Center powered by Drata or Vanta. Review certifications and security standards before purchase.

    Buyer guide

    Gain valuable insights from real users who purchased this product, powered by PeerSpot.
    Buyer guide

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
    Financing for AWS Marketplace purchases

    Pricing

    Chainguard Images

     Info
    Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator  to estimate your infrastructure costs.

    12-month contract (6)

     Info
    Dimension
    Description
    Cost/12 months
    Starter Images
    :latest version of OSS packages
    $0.00
    Application Image
    The listed pricing is for illustrative purposes only and does not reflect actual pricing, which will be provided upon request, exclusively as part of a private offer from Chainguard
    $0.01
    Base Image
    The listed pricing is for illustrative purposes only and does not reflect actual pricing, which will be provided upon request, exclusively as part of a private offer from Chainguard
    $0.01
    FIPS Image
    The listed pricing is for illustrative purposes only and does not reflect actual pricing, which will be provided upon request, exclusively as part of a private offer from Chainguard
    $0.01
    AI Image
    The listed pricing is for illustrative purposes only and does not reflect actual pricing, which will be provided upon request, exclusively as part of a private offer from Chainguard
    $0.01
    Standard CSM
    The listed pricing is for illustrative purposes only and does not reflect actual pricing, which will be provided upon request, exclusively as part of a private offer from Chainguard
    $0.01

    Vendor refund policy

    Contact us for refund information

    How can we make this page better?

    Tell us how we can improve this page, or report an issue with this product.
    Tell us how we can improve this page, or report an issue with this product.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

     Info

    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Support

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Product comparison

     Info
    Updated weekly

    Accolades

     Info
    Top
    10
    In Application Stacks, Operating Systems
    Top
    100
    In Collaboration & Productivity, Application Development
    Top
    10
    In Testing

    Customer reviews

     Info
    Sentiment is AI generated from actual customer reviews on AWS and G2
    Reviews
    Functionality
    Ease of use
    Customer service
    Cost effectiveness
    0 reviews
    Insufficient data
    Insufficient data
    Insufficient data
    Insufficient data
    Positive reviews
    Mixed reviews
    Negative reviews

    Overview

     Info
    AI generated from product descriptions
    Daily Security Patching and Rebuilding
    Container images are patched and rebuilt daily from source with the latest security fixes and CVE remediations.
    Vulnerability Reduction
    Minimal, hardened container images delivering on average a 97.6% reduction in CVEs with low-to-zero known vulnerabilities.
    Supply Chain Security Compliance
    Full SLSA Level 2 - Build compliance with verifiable image signatures, attestations, and high-quality SBOMs.
    Multi-Language Runtime Support
    Pre-built images available for popular programming languages and runtimes including Go, Python, Ruby, PHP, and Node.
    FIPS Compliance Availability
    Production images with FIPS validation available for regulatory compliance requirements.
    Automated Vulnerability Remediation
    Automatically removes up to 95% of CVEs without requiring code changes, reducing vulnerability and patch management backlogs.
    Daily Security Patching and Hardening
    Curated images are patched and hardened daily from source with latest security fixes and CVE remediations, resulting in Zero or Near-Zero CVEs.
    Software Bill of Materials Generation
    Generates high-quality SBOMs in multiple formats including raw JSON, SPDX, and Cyclone DX to address software supply chain and compliance requirements.
    CI/CD Pipeline Integration
    Integrates with CI/CD pipelines and container deployment platforms through simple API calls.
    Build Compliance Certification
    Achieves SLSA Level 2 Build compliance for container images and applications.
    Static Application Security Testing
    Identifies vulnerabilities and weaknesses in custom code with support for 25+ languages and frameworks, scanning uncompiled code and re-scanning only new or modified code.
    Software Composition Analysis
    Identifies and prioritizes open source vulnerabilities, takes inventory of open source components and dependencies, and evaluates risks of open source licenses.
    Infrastructure as Code Analysis
    Detects security misconfigurations in IaC templates using KICS to prevent errors such as open storage buckets, insecure databases, and excessive privileges.
    Real-time IDE Security Scanning
    Provides real-time vulnerability detection during IDE development for both human-generated and AI-generated code, identifying vulnerabilities, unmasked secrets, vulnerable container images, and malicious open source packages.
    Agentic-AI Remediation
    Generates remediation suggestions using AI agents that access proprietary databases and customized AI models to provide context-aware code fixes with interactive refinement capabilities.

    Contract

     Info
    Standard contract
    No
    No

    Customer reviews

    Ratings and reviews

     Info
    4.7
    72 ratings
    5 star
    4 star
    3 star
    2 star
    1 star
    82%
    17%
    1%
    0%
    0%
    2 AWS reviews
    |
    70 external reviews
    External reviews are from G2  and PeerSpot .
    Financial Services

    Strong Security SLA That Significantly Reduced Our Vulnerability Exposure

    Reviewed on Jul 07, 2026
    Review provided by G2
    What do you like best about the product?
    They offer a very strong security SLA, and it has helped us reduce a significant portion of our vulnerability surface and overall exposure.
    What do you dislike about the product?
    Getting adoption going across the organization can be a challenge, especially since there are a fair number of exceptions and special cases to account for.
    What problems is the product solving and how is that benefiting you?
    Vulnerability remediation helps us stay in compliance, maintaining the required performance in our complaince metrics, intergrating with our artifactory, at a resonable roi for the SLA
    Computer Software

    Seamless Chainguard FIPs Compliance with Consistent JFrog Artifactory Pulls

    Reviewed on Jul 02, 2026
    Review provided by G2
    What do you like best about the product?
    We use the Chainguard FIPs containers for compliance with some of our government customers. It is relatively seamless to plug-and-play our applications into the Chainguard FIPs image and have it just work. We integrate the Chainguard repo into our Jfrog artifactory and that makes the docker image pull process pretty consistent across the other processes at our company.
    What do you dislike about the product?
    The pricing structure is a bit harsh. The cost-per image is pretty significant and we've made some engineering mistakes where we purchased an image, realized we didn't actually need it, and just wasted a bunch of money on nothing.
    What problems is the product solving and how is that benefiting you?
    Chainguard is helping us accelerate both the migration of our existing commercial products and the development of new products for our government customers who require FIPs encryption.

    Without Chainguard, we would have had to spend many more engineering hours addressing security vulnerabilities and enabling FIPs mode in our containers and Python applications.
    Computer Software

    Lean, mostly CVE-free base images with wide flexibility and FIPS compliance

    Reviewed on Jun 29, 2026
    Review provided by G2
    What do you like best about the product?
    Their base image support is notable: the images are lean and mostly free from CVEs. They also provide a high range of possibilities and FIPS compliance.
    What do you dislike about the product?
    Their UI for reviewing CVE patches feels overwhelming and makes it difficult to locate results for specific packages. The CLI's login flow also lacks clear documentation. Finally, they now rely more on upstream patches for CVE fixes than they did previously, which may be a consequence of the wider range of technologies they support.
    What problems is the product solving and how is that benefiting you?
    As many of our customers scan our products for CVEs and we have a docker based product it is essential that we have near zero CVEs in our base images, which provides a significant ROI even though the somewhat high licensing price.
    Nathan P.

    CVE Management and Remediation: A return to sanity

    Reviewed on Jun 26, 2026
    Review provided by G2
    What do you like best about the product?
    At first, I assumed it would be more like, “oh, they’ll make my life easier with CVEs.” But after using the service, I’ve found the real strength is the ability to build custom images that include the packages and libraries you actually need. In a lot of architectures you end up with plenty of one-off images, and with Chainguard you can replace those with their CVE-hardened versions.
    What do you dislike about the product?
    This isn’t a complaint, and I know it’s already on their roadmap, but I’d really like to see STIG and FIPS VMs offered in addition to their container images. That would help a lot with on-prem infrastructure, especially if I could swap out all the OSs on my bare-metal servers and OpenStack VMs.
    What problems is the product solving and how is that benefiting you?
    Time.

    The open source images, as well as the base images we use for our own applications, create a large attack surface. We can remediate issues ourselves by swapping libraries, patching images, or forking upstream, but it turns into a never-ending game of whack-a-mole. Chainguard changes that by letting me continuously update and address CVEs across all of our images, in seconds rather than hours.

    Also the price point for their product catalog is more than worth it if you consider the worth of several engineers consistently focusing (and repeating) on CVE tasks.
    Stacey Z.

    Trusted Partner for Secure Container Infrastructure

    Reviewed on Jun 26, 2026
    Review provided by G2
    What do you like best about the product?
    Chainguard's security-first approach, combined with the expertise of their engineering team, has been the most valuable aspect of our partnership. Their minimal, hardened container images and FIPS-compliant libraries have helped simplify our FedRAMP readiness efforts while reducing software supply chain risk. We also appreciate their responsiveness, technical knowledge, and willingness to work collaboratively to resolve implementation challenges and support our engineering teams.
    What do you dislike about the product?
    We have no significant concerns at this time and have been pleased with our overall experience working with Chainguard.
    What problems is the product solving and how is that benefiting you?
    Chainguard is helping us strengthen our software supply chain security while accelerating our FedRAMP readiness. Their hardened container images and FIPS-compliant cryptographic libraries reduce the effort required to build and maintain secure container images, simplify compliance with federal security requirements, and help minimize vulnerabilities in our software stack. This allows our engineering teams to focus on delivering product capabilities while improving the security and integrity of our containerized workloads.
    View all reviews