Chainguard Images
Fast CVE Remediation and a Clean CLI—Occasional Auth0 Login Hiccups
The well-thought-out authentication flow for CLI and a simple, but complete interface.
Before, while using public Docker images, we couldn't hit 0 CVEs; it was impossible. Chainguard made it possible.
Exceptional product, team that genuinely partners with you
Huge CVE Reduction with Chainguard Images, Plus Excellent UI and Documentation
Well-Engineered, Fast-Updated Secure Container Images with Outstanding Support
The images are updated promptly as vulnerabilities are resolved by product owners and communities. For example, I was tracking a particularly high-impact npm vulnerability, and our node/npm images were updated within four hours of the release of the new (remediated) npm version.
Wolfi, as a container-focused Linux distribution, is well planned and well implemented. I especially appreciate the glibc compatibility (in contrast to Alpine).
Chainguard has also done a great job developing tools and information that can be used in automated processes, rather than only being available via a web page.
Overall, I’ve appreciated the depth of knowledge on the technical team. I’ve learned a huge amount and added a significant number of security tools based on my conversations with our technical support team. The product support lead for our company has done an amazing job providing everything possible for us to be successful.
My company has a specific need to use only the latest updated version within each supported product major version. Because of that, it was hard to explain to other users which label they should use. For example, I need teams to refer to images by product and major version, e.g., node:24-latest. However, the same image might also be referenced as “node:latest” or “node:24.9,” which created confusion. I ended up developing an internal dashboard to make it clearer which images to use to meet our compliance requirements.
Note: I understand that many other companies might prefer node:latest or a pinned version, so Chainguard needs to provide all the labels to give customers flexibility and choice. In our case, though, that flexibility made it harder for some of our teams to consistently select the correct option for our needs.
Across our teams, we’ve used images based on a range of distributions, including Ubuntu, Debian, Alpine, and others. Chainguard’s Wolfi OS has been more compatible with glibc-based components, and it’s updated much more frequently than the other container options we’ve used. Chainguard’s container images are the gold standard for deploying and maintaining security-focused containers.
Faster way to lower the CVE count with some caveats
and their team support
Chainguard: Secure, Minimal Images with World-Class Support
First and foremost, the breadth and depth of their image catalog is exceptional. Chainguard provides one of the most comprehensive collections of secure, minimal, and production-ready container images available today. The catalog covers a wide range of modern workloads and significantly reduces the operational burden of building, maintaining, and securing custom base images internally.
Equally impressive is their flexibility. When an image is not already available in the catalog, the Chainguard team demonstrates a willingness to engage directly with customers and evaluate adding new images based on real-world requirements. This level of responsiveness transforms the relationship from that of a traditional vendor into a true engineering partnership.
From a security and reliability perspective, the quality of the images themselves is outstanding. The images are thoughtfully curated, continuously maintained, and designed with a strong security-first philosophy. They provide a substantial reduction in vulnerability exposure while preserving compatibility and operational simplicity. For organizations focused on supply chain security, compliance, and reducing risk, Chainguard represents a significant advancement over traditional container image strategies.
The API they offer is also robust and very polished, with a ton of features that are much needed from an operational standpoint and that are often not present with other vendors. Chainguard has also curated many helpful tools to help with the process.
The customer experience is equally noteworthy. Their onboarding process is among the best I have encountered. The team is highly knowledgeable, responsive, and capable of engaging at both strategic and deeply technical levels. Whether discussing platform architecture, implementation details, or organizational adoption, they consistently demonstrate expertise and a genuine commitment to customer success.
The user experience deserves special recognition as well. The platform's UI and UX are exceptionally well designed—clean, intuitive, and efficient. Complex security and image management workflows are presented in a way that is approachable without sacrificing depth or functionality. It is clear that significant attention has been invested in making the platform easy to navigate and operationalize at scale.
Overall, Chainguard has built a platform that excels across the dimensions that matter most to modern platform engineering and SRE organizations: security, reliability, usability, scalability, and customer partnership. Their extensive image ecosystem, willingness to adapt to customer needs, world-class support organization, and polished user experience make them one of the strongest solutions available for securing and managing containerized workloads.
Chainguard dramatically shortens the time between vulnerability disclosure and remediation. Their ability to rapidly rebuild and publish updated images allows us to address security findings much faster than we could through internal processes alone. As a result, we are able to maintain a significantly lower vulnerability footprint across our containerized workloads while reducing the operational burden on our teams.
This has been particularly valuable from a compliance and regulatory perspective. As an organization pursuing and maintaining FedRAMP compliance, minimizing CVE counts and demonstrating strong vulnerability management practices is critical. Chainguard has helped us consistently reduce the number of vulnerabilities identified in our environments, making audits, security reviews, and continuous compliance efforts substantially easier to manage.
Beyond the direct security benefits, Chainguard allows our engineers to focus on higher-value initiatives rather than spending cycles maintaining base images and chasing vulnerability remediation work. The platform effectively shifts a large portion of the container security lifecycle to a team whose core competency is maintaining secure software supply chains, which improves both our security posture and operational efficiency.
Ultimately, Chainguard is not just helping us reduce CVEs—it is helping us build a more scalable, secure, and sustainable approach to software supply chain security while freeing engineering resources to focus on delivering business value.
Simplifies Container Image Vulnerability Management
Effortless Vulnerability Reduction with Chainguard
Comprehensive Software Supply-Chain Security That Covers Most of Our Needs
Minimal images have reduced vulnerabilities and save significant time in securing containers
What is our primary use case?
Chainguard Containers is primarily used for securing containerized applications, reducing vulnerabilities in the software supply chain, and meeting compliance requirements. The SaaS platform is built on Java and React, so Java images are directly pulled from Chainguard Containers, which reduces the vulnerabilities in that image that could be used to attack the application and gives hackers a very small attack surface on the application.
What is most valuable?
After switching to Chainguard Containers, it was noticed that if you pull any open-source image, such as Java OpenJDK, you have to do the dependency patching yourself, but Chainguard Containers regularly updates the images with patched dependencies, making it very useful and less vulnerable to hackers.
The best features of Chainguard Containers are the strong focus on software supply chain security, the provision of minimal container images with a very small attack surface, and the practice of regularly updating images with patched dependencies, which is very useful for a secure application.
The most impactful features are the minimal container images and the patched dependencies, which reduce the manual effort of patching the image every time a vulnerability comes up, saving engineers' time, and if there are already patched dependencies, then it is very secure and reduces the vulnerability of the image.
Chainguard Containers are very positive for the SaaS platform. Before switching, dependencies were regularly patched and open-source tools were used to detect vulnerabilities. Vulnerabilities in the base image would be found and fixed. However, after switching to Chainguard Containers, it has significantly impacted the effort and time required. Now, the latest image of whatever language is used for building the application is pulled directly from Chainguard Containers, resulting in a very secure and compliant image.
Specific outcomes and metrics show that before this, every month there would be 15 to 20 vulnerabilities, but after switching to Chainguard Containers, there are now only one or maybe two vulnerabilities. Time is saved by 60 to 70% because previously it was necessary to first find the vulnerabilities in the base image, then find the patched version and manually patch that version in the base image, which took a lot of effort from engineers. The improvement is very good, and 70% of the time on securing the base image has been reduced.
Chainguard Containers are the best in minimal container images, and they regularly update their images, making it very easy to integrate with existing container platforms. They have a strong focus on software supply chain security.
What needs improvement?
The biggest challenge in Chainguard Containers is that they provide minimal images, which can make troubleshooting difficult because common debugging tools are also not included. More documentation and troubleshooting guidance for teams transitioning from traditional container images would be helpful.
Chainguard Containers would receive a 10 out of 10 rating, with the only improvement needed being documentation for minimal images. In minimal images, not all commands are working, making troubleshooting for teams a struggle. More documentation for troubleshooting applications in minimal images would be very helpful.
For how long have I used the solution?
Chainguard Containers has been used for about eight to nine months in production and development environments.
How are customer service and support?
The features are very great, and the support is also very good, so there is no need for improvements in this area.
What other advice do I have?
If you are struggling with vulnerabilities and compliance management and looking for a secure base image solution, Chainguard Containers can be used, which has a catalog of thousands of images, so whatever you are building, you can directly pull images from Chainguard Containers, and it will be very helpful for you. I would rate this product 10 out of 10.