Sold by: CleanStart Security
Deployed on AWS
CleanStart is a software supply chain security platform that provides secure, verifiable, and hardened container images built from source.
Overview
Organizations today face significant risks from vulnerabilities in base container images and opaque software supply chains, which often lead to security breaches and compliance failures. Traditional image building processes lack transparency and frequently include unnecessary packages that expand the attack surface. CleanStart addresses these challenges by providing a software platform that builds container images from the ground up using a deterministic and hermetic build system.
The platform delivers hardened, debloated container images that are built from source and aligned with SLSA Level 4 principles for strong provenance and transparency. By ensuring near-zero known vulnerabilities at the time of release, CleanStart provides a secure foundation for enterprise applications. This transition from vulnerable public images to verifiable, minimal images allows security teams to maintain a proactive posture against supply chain threats.
Core capabilities include native SBOM and AI BOM generation, cryptographic verification, and policy-driven enforcement for container security. CleanStart helps organizations simplify compliance with standards such as CIS Benchmarks, DISA STIGs, and FIPS 140-3. Typical use cases involve securing cloud-native applications, establishing trusted internal registries, and automating vulnerability management within the DevOps lifecycle.
Highlights
- Secure and verifiable container images built from source using deterministic and hermetic build systems aligned with SLSA Level 4 principles.
- Automated generation of SBOM and AI BOM providing full transparency and traceability for all components within the software supply chain.
- Hardened and debloated images that comply with CIS Benchmarks and DISA STIGs to reduce attack surface and simplify security audits.
Details
Sold by
Categories
Delivery method
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
For Individual Users | CleanStart versions are available in the latest three releases | $40,000.00 |
Vendor refund policy
All fees are non-refundable. We do not provide refunds or credits for partial subscription periods or unused services. All sales are final.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
CleanStart provides technical support for platform integration and image security inquiries through our dedicated support center. via
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
The new standard for minimal, secure, low-CVE images you can trust.
Docker Hardened Images (DHI) are secure and fully vetted container images designed to meet the demands of organizations operating in high-security and compliance-driven environments. These images help enterprises mitigate risks from untrusted open-source content and address operational and compliance inefficiencies in the software supply chain.
Docker Hardened Images provide low-to-no CVEs, continuous patching, and SLSA Build Level 3 provenance for thousands of open source applications.
![Docker - Accelerate how you build, share, and run applications [Use]](https://d7umqicpi7263.cloudfront.net/img/product/75c86351-f0a2-4727-8c30-e63a964d7bdf.com/5c52f7fb9b471662f8b00586df713879)
Your foundation for secure, intelligent development.
A Docker Business or Teams plan unlocks Dockers full suite of products, including Docker Desktop, Docker MCP Catalog & Toolkit, and Docker Hub, supported by robust enterprise features for security, compliance, and centralized administration. These capabilities enable organizations to govern developer environments, integrate AI workflows securely, and maintain full visibility across distributed teams.
Hardened Image Catalog subscriptions also available.
https://www.docker.com/pricing/
Latest is tomorrow's zero-day. Pinned is yesterday's CVE. Root solves for both.
The Root OSS Security Platform delivers continuously remediated container images and application dependencies, rebuilt from source, tested, and validated before they reach your build environment. Hardened open source for Debian, Ubuntu, and Alpine base images, plus JavaScript, Python, and Java libraries. Every artifact ships with SBOM, VEX, and attestation.
In March 2026, five major supply chain attacks hit in 12 days, including Trivy and Axios. Scanners find problems. Root fixes them. Change one line in your Dockerfile. That's it.
Start with Essentials. Scale to Enterprise with contractual SLAs and service credits. All tiers: 12-month term, billed monthly.
Aqua secures every cloud native application on AWS across the entire lifecycle. Protect containers, serverless, Kubernetes, and AI workloads to accelerate innovation and scale securely. Prevent attacks and reduce risk with security enforced from code to cloud to prompt
For the North American regions, Quay.io is a hosted container image registry service that enables customers to store and serve their containerized software and cloud-native artifacts without managing a globally available registry. It features integration into git providers, vulnerability reporting in real-time for OS and programming language packages inside the images, a rich permission model, a flexible image lifecycle, a comprehensive API, and strong tenant isolation. Quay.io is serving image content via global content delivery networks with high uptime and is a fully managed service provided by Red Hat. A flexible pricing model is available and aligned with the amount of non-public image repositories.
Customer reviews
No customer reviews yet
Be the first to review this product . We've partnered with PeerSpot to gather customer feedback. You can share your experience by writing or recording a review, or scheduling a call with a PeerSpot analyst.