Chainguard Images - GovCloud

What do you like best about the product?

They have the ability to execute on their mission to secure the entirety of the software supply-chain. I appreciate that they have products that cover most of our needs and are working on more to fill the gaps.

What do you dislike about the product?

Attacks on the supply-chain are such a growing problem that it’s not possible for them to move fast enough

What problems is the product solving and how is that benefiting you?

Having a trusted source for our open-source allows us to continue to move as fast as the business wants to, not injecting friction into our processes unnecessarily all in the name of "security". The threats that we face from supply-chain compromise seemingly grow into new domains and scope every day with impact that we can't keep up with. Now that Chainguard can help us with libraries, container images, actions, skills and more, we know that we can meet the challenge that we face in securing our supply-chain, reducing churn on security engineers and keeping the business happy.

What do you like best about the product?

Since we work with a lot of classified data, being able to resolve CVEs in minutes through your vast catalog of certified package version checks has saved our developers time. It lets us focus on what really matters: the end product, rather than compliance.

What do you dislike about the product?

I’m working on onboarding all of our packages to use Chainguard services, and I’m realizing that there are some packages you don’t currently provide. Because of that, finding a workaround is taking some time.

What problems is the product solving and how is that benefiting you?

Cve remediations, it allows me to spend less time struggling with finding solutions and more time reaching out to customers and resolving their feedback

What do you like best about the product?

Great Customer service, our account manager is so on top of things! Great product and continued innovation

What do you dislike about the product?

.Net availability for Chainguard libraries isn’t available yet and not sure if it’s on the roadmap.

What problems is the product solving and how is that benefiting you?

Low resource needs for CVE resolution

What do you like best about the product?

The seamless integration with our existing CI/CD pipeline, along with Chainguard’s transparency through SBOM and the overall Chainguard Libraries experience.

What do you dislike about the product?

I antipate Chainguard's capability to audit which JS Libraries appear from Chainguard vs NPM even after they're drawn through JFrog/Arctifactory.

What problems is the product solving and how is that benefiting you?

Transparency and risk mitigation.

What do you like best about the product?

I appreciate how Chainguard reduces CVEs through its secure-by-default model and fast remediation time. I'm impressed by Chainguard's dedication to secure software delivery and its continuous expansion of complementary products. The company exhibits the passion of a startup combined with the dedication of a well-developed organization. I also find it extremely easy to add the nightly downloads to Artifactory and integrate them into GitLab pipelines. Additionally, I use complementary products like libraries, advisories, and soon-to-come agent skills, which are quite beneficial.

What do you dislike about the product?

I don't like compensating for bad vendor practices like vulnerable code being in library and mod files. While not executable, this causes administrative headaches.

What problems is the product solving and how is that benefiting you?

I use Chainguard to secure containers and libraries. It reduces CVEs with a secure by default model and offers fast remediation.

What do you like best about the product?

Chainguard is getting a lot of attention because it solves a very real (and growing) problem: software supply chain security—basically making sure the code and containers you run aren’t quietly compromised.

What do you dislike about the product?

Nothing yet it can be expensive. Learn g curve

What problems is the product solving and how is that benefiting you?

Chainguard is getting a lot of attention because it solves a very real (and growing) problem: software supply chain security—basically making sure the code and containers you run aren’t quietly compromised.

What do you like best about the product?

There is a good catalog of fips compliant images, and they support customization by adding packages directly to a base image.

What do you dislike about the product?

Some image were missing which complicated the process of migrating all our services.

What problems is the product solving and how is that benefiting you?

It is helping us achieve fedramp high which expands our client base.

What do you like best about the product?

Chainguard zero- and minimum-vulnerability containers help us deliver secure services and products to our customers with less effort and reduced cybersecurity risk. These containers are a 1-to-1 replacement for existing publicly available containers, and they integrate easily into our development pipelines with no additional effort.

What do you dislike about the product?

Chainguard containers are expensive. However, when I consider how many staff hours go into building and maintaining hardened, low-vulnerability containers for applications, the cost does pay off.

What problems is the product solving and how is that benefiting you?

Chainguard helps reduce cybersecurity risks and the effort associated with our applications by providing secure open-source containers. This, in turn, lowers our need to build and maintain low-vulnerability forks of open-source packages.

What do you like best about the product?

I like the hardened images and their support for debugging and other channels. I appreciate the vLLM and OSS support along with the images that we need major upgrades for. I also like their release cadence and find their customer support to be good. I value the minimal, hardened, continuously patched base images that work with vLLM, which has a fast release cadence and evolving dependencies. I also like the immutable image tags, SBOM, and continuous rebuild features.

What do you dislike about the product?

I find the lack of easy migration guides and more FDE support frustrating. Also, the initial setup was problematic for GPU services as core NVIDIA images are not supported.

What problems is the product solving and how is that benefiting you?

I use Chainguard for hardened images, better CVE metrics, securing workloads without root access, and aligning with compliance requirements.

What do you like best about the product?

I appreciate Chainguard's extensive range of catalog with more than 500 public images to choose from, which significantly enhances my experience by ensuring that an image such as Linkerd is available and likely vulnerability-free compared to other sources like DockerHub. The availability of such a vast selection of images provides us with assurance and flexibility, making it easier to maintain security standards. I value the proactive approach of Chainguard in addressing CVEs by ensuring the images are rebuilt daily, which gives me confidence in their security posture. Additionally, I find the initial setup process to be very easy, and I enjoy the self-management feature allowing me to choose the right images from the catalog effortlessly.

What do you dislike about the product?

It would be great if Chainguard's container registry could sync with AWS ECR so I could use my own private registry instead. I believe it's being worked on though.

What problems is the product solving and how is that benefiting you?

I use Chainguard for vulnerability-free container images, addressing CVE vulnerabilities and rebuilding daily. It offers over 500 compatible public images, enhancing security by avoiding CVE-prone DockerHub alternatives.