Secured container workloads have reduced noise and monitoring improves with better debugging options
What is our primary use case?
I have been working in my current field for the last five and a half years. I have been evaluating Chainguard Containers for the last three months.
I was looking for security and compliance, supply chain integrity in our containers. We have heavy workloads which require security maintenance, and we wanted to reduce the burden on it. That is why we need something for debugging, traceability, and auditable builds. That is why we use Chainguard Containers.
I am currently using this tool and testing the log integrity and having all the security monitoring of the containers to ensure that there is no unusual case happening within containers. We are always using the container processing all the right traffic for us. Apart from it, I am just checking how much processing power it requires to handle the concurrency accordingly. I am also evaluating other tools, but Chainguard Containers is kind of becoming a permanent tool in our evaluation right now.
For security monitoring, I am using Chainguard Containers right now as an adapter functionality to my respective pod. What is happening is that we are basically pulling the logs of all the containers and auditing those logs with the help of Chainguard Containers and basically understanding exactly how our containers are behaving. A few things I liked about it are how easily Chainguard Containers documentation is to go through, and the integration was a bit seamless compared to other monitoring tools. Comparatively, I have tested a lot of tools such as DataDog, Snyk, and Wiz, and I found Chainguard Containers documentation a bit more comfortable. Apart from it, there are a lot of places where I found Chainguard Containers could have improvised, but throughout my experience right now, it felt a bit seamless compared to others. I am basically using it for logging and metrics or basically understanding of the auditing.
What is most valuable?
The best feature of Chainguard Containers is being distroless. That means I am a minimalist. I am a fan of having a minimalistic view in front of me and looking at the right dataset in front of me instead of GUI effects or a lot of animations in front of me. That is where I found Chainguard Containers delivers. There was a lot of less vulnerability, CVE counts in Chainguard Containers comparatively to other tools. The main thing I liked about it is that they follow the SBOM process and the continuous rebuilds they were doing, and they were helping me to rapidly remediate the failures which were happening. This was something I liked about it because the images are much more leaner and it helps me to reduce noise, which is kind of a thing I look for in microservices.
Sometimes if you are using the latest image, instability comes. However, if you are using a bit older image, I think that is more stable. Chainguard Containers is much more stable comparatively to others.
What needs improvement?
There are a lot of certain points where I feel that having the functionality of having debugging and ensuring that if I like, I can have the dependence of things where things I felt were lacking. Overall, the tool itself is kind of a great start for my evaluation. Because we are currently evaluating, we will have much more of an understanding of this tool again in the near future.
If you talk about the concurrent processing, there is some bit of mismanagement happening in Chainguard Containers, which I do not like about it and which is kind of a deal breaker for me. On terms of scalability, because it is hosted on Kubernetes, there is no issue with the scaling and handling the infrastructure. However, when it comes to processing, there is a kind of a bit of a delay which happens. For most customers, this will not be relevant because what we deal with is the concurrency, and for us, every microsecond counts. So for our use case, perhaps that is a limitation, but for the overall market, I do not think that will be a great limitation for them.
I'll say that having debugging possibilities can actually help to improvise Chainguard Containers more because as a product, I see a lack of visibility on that. Perhaps I might be wrong. I do not know exactly the way to do it. I am still in the evaluation process. That is one thing. The second thing is that there were no quick fixes available. That is problematic because if you are not able to configure it yourself, you should be able to get those quick fixes right away so that you can continue with your work. You need a detailed discipline if you want to debug those things because it is kind of a mess when you start debugging these containers when they fall. That is why I am still evaluating tools where I can get the balance of both.
What do I think about the stability of the solution?
Sometimes there are backend errors which we come across again and again, and there is a resolution, but there are pending tickets for it. That sucks sometimes. For now, I am just on the evaluation phase. I have not yet integrated with the real pipelines. So that is not a challenge for us, but in the near future, if we integrate it, that will be a real bottleneck for us if we are actually dealing with it.
How are customer service and support?
The customer support, for me, was not great. It was okay. The response is saved and versus the solution received, it was not that much. I'll say that they have to improvise a lot on the customer support. The key thing, customer obsession is one of AWS's major things. If you are not following it thoroughly, then you will not be in the market. A faster product support team response would be really great.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
We used to use multiple solutions, but we are not switching right now. We have not made the decision yet. So, it will be difficult for me to tell right now. I am evaluating it right now, but for more results and less noise.
How was the initial setup?
Initially, we had a lot of images which were kind of very heavy and outdated, which I replaced with the help of Chainguard Containers distroless. Apart from it, I am continuously testing on CI builds, not yet finalized yet. The overall PR processing time is lower than others which I have tested right now. That is kind of a plus gain for us as well because we try to automate as much as possible. Having a reduced timeline accordingly helps us to navigate.
What was our ROI?
It is an early stage to comment about it. However, based on the numbers I have, I'll say it definitely reduced my overall team's hours and cost spent on them. Definitely it will be a positive trend for me if I integrate it in my tool. However, considering the cost it incurs, I have to check exactly what it bills and basically how much time it saves. Occasionally, for a larger team, if they want to integrate it and they have, they have to put in fewer hours comparatively. So it will be a great tool to invest in.
What's my experience with pricing, setup cost, and licensing?
Currently, we are not paying for it. We are just evaluating right now, but we will get in discussion for that pricing and setup cost. So I cannot comment on that.
Which other solutions did I evaluate?
We used to use multiple solutions, but we are not switching right now. We have not made the decision yet. I am evaluating it right now, but for more results and less noise.
I was evaluating a lot of options. We are evaluating DataDog tools, Snyk, Wiz, and some other two companies as well. There are a lot of competitors for Chainguard Containers we are evaluating. For now, I cannot disclose that information, but Chainguard Containers is kind of a prominent service among the other competitors.
What other advice do I have?
Chainguard Containers on its own, the tool is great. The only thing I liked about Chainguard Containers is that the secured by default philosophy they have. That is where I really got connected to it because being a DevSecOp, this is something we look for from the scratch, because there are a lot of pods that are running inside our infrastructure. I want that to ensure that no pod is going nuts and ensuring that all the data log that is being processed is being processed as a productive workload, not as some hackers' attempts.
I am yet to get it to production right now because I am still in the evaluation phase. I am deliberately checking it out. It is a positive candidate for us to leverage it. However, for now, I have not yet decided because I am continuously evaluating its competitor as well. The good part I love about it is that it has zero CVE alerts, SBOM in it. That is something I loved about it, but there are a few things that I actually did not like about it. There were some problems which occurred, and there were no quick fixes. I have to wait for a longer duration, the SLA is a long wait. Basically, there is no shell support, and I have to get time to debug the things. That is where I felt the freedom of having a dev environment, where basically I should be able to debug on my own, was something lacking.
However, as a product, as a SaaS platform, if I integrate it to my platform, having a distroless image, is something that is cool. It helps to improve the team efficiency overall. However, as an individual person, I would love if there is some configurability there as well from a DevSecOps standpoint.
I'll say that if you need a distroless container-based system where basically you do not want to increase your size of image just because you want to secure your infra, then Chainguard Containers is a very good product to evaluate because it has less noise and comparatively to other toolsets. The second thing is, it has SBOM and zero CVE alerts, which is something always every security engineer is looking for. You can scale on Kubernetes, that is the plus point. That is something that makes this a competitive candidate to always have a lookout for.
I have covered my review from the last three months. I will be in a better state to have more discussion if we integrate it. I would rate this product a seven out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Essential for CVE-Free Container Management
What do you like best about the product?
I appreciate Chainguard's extensive range of catalog with more than 500 public images to choose from, which significantly enhances my experience by ensuring that an image such as Linkerd is available and likely vulnerability-free compared to other sources like DockerHub. The availability of such a vast selection of images provides us with assurance and flexibility, making it easier to maintain security standards. I value the proactive approach of Chainguard in addressing CVEs by ensuring the images are rebuilt daily, which gives me confidence in their security posture. Additionally, I find the initial setup process to be very easy, and I enjoy the self-management feature allowing me to choose the right images from the catalog effortlessly.
What do you dislike about the product?
It would be great if Chainguard's container registry could sync with AWS ECR so I could use my own private registry instead. I believe it's being worked on though.
What problems is the product solving and how is that benefiting you?
I use Chainguard for vulnerability-free container images, addressing CVE vulnerabilities and rebuilding daily. It offers over 500 compatible public images, enhancing security by avoiding CVE-prone DockerHub alternatives.
Effortless Supply Chain Security with Seamless Integration
What do you like best about the product?
What I appreciate most about Chainguard is how it simplifies and strengthens software supply chain security. The platform offers transparent visibility into dependencies, vulnerabilities, and build pipelines, all without introducing unnecessary complexity. I also value its seamless integration with our existing workflows, which enables our team to identify potential issues early and maintain confidence in our software releases. The combination of automation and practical insights truly sets it apart.
What do you dislike about the product?
The main challenge I’ve encountered with Chainguard is that the initial setup and configuration process can be somewhat time-consuming, particularly if you’re dealing with complex pipelines or managing several environments. After the setup is complete, everything operates smoothly, but getting all the integrations in place and fine-tuning the system at the start does demand some effort.
What problems is the product solving and how is that benefiting you?
Chainguard addresses the challenges of software supply chain security and dependency management. It enables us to spot vulnerabilities, apply necessary policies, and guarantee that only trusted components are included in our builds. As a result, we experience fewer security risks, quicker identification of potential problems, and greater assurance in the reliability of our software releases. The tool streamlines our workflow by saving time, minimizing manual checks, and providing our team with peace of mind that our pipelines remain secure.
Effortless Security and Zero CVEs for Container Images
What do you like best about the product?
Chainguard provides a strong security approach for container images and supply chain hygiene the images are minimal and well maintained by them and fully SBOM verified with consistently updated which reduces operational risk
the platform makes it easy to adopt secure by default practices without adding overhead to CI/CD pipelines and it helps a security companies to have images with zero CVEs
What do you dislike about the product?
I think the only concern is the pricing that can be a bit high for smaller teams
What problems is the product solving and how is that benefiting you?
Chainguard solves the ongoing challenge of keeping container images secure with zero CVEs instead of start patching these images from week to week
Easy-to-Use, Secure Container Images
What do you like best about the product?
The container images are easy to use and provide a secure environment.
What do you dislike about the product?
The integration process is not straightforward, and the cost can be high for individual users.
What problems is the product solving and how is that benefiting you?
Vulnerability scanner which helps me detect complex issues easily.
Great product, great customer service
What do you like best about the product?
A wealth of images and packages at the highest standard of security.
What do you dislike about the product?
It’s kinda pricey for a startup, but, ultimately, worth it
What problems is the product solving and how is that benefiting you?
Building rocket images on top of very secure base images, using secured packages.
The gold star vendor: sales, onboarding implementation, support, and product
What do you like best about the product?
The chainguard team was able to meet us where we were at, move extremely quickly to meet our deadlines, and everything _just worked_.
What do you dislike about the product?
Wiz sometimes detects false positives in cgr images.
What problems is the product solving and how is that benefiting you?
Passing audits, and getting our vuln counts to zero.
Why we chose Chainguard for securing container images
What do you like best about the product?
Chainguard’s minimalist, hardened container images with zero known CVEs, is going to significantly reduce our vulnerability management overhead. Not having to constantly chase patch cycles will save our teams countless hours.
The images are not just secure by default but gives us the confidence in both their integrity and provenance. We are currently looking at wider adoption across our teams and the society. What sets Chainguard apart is their commitment to transparency and compliance, making them a top choice for organisations with high security and regulatory requirements. If you are looking to build a secure, resilient container strategy, Changuard is worth serious consideration.
What do you dislike about the product?
This is very stage at the moment, but we look forward to working closely with Chainguard for feedbacks we get from our team as we start our wider rollout.
What problems is the product solving and how is that benefiting you?
We spend countless hours triaging CVEs, chasing patches and validating fixes - only to repeat the process when another image or dependency gets flagged. This endless cycle drains time, and slows down releases, Chainguard addresses this by eliminating the problem at the source with their secure, minimal images.
Shift left has become a must in modern DevSecOps, pushing security earlier into the development cycle to catch vulnerabilities before they reach production. By embedding security early in our CICD pipelines, Chainguard will allow the team to focus on building features and not fixing vulnerabilities, it's about making left lighter.
Fantastic Product and an Even Better Team!
What do you like best about the product?
From scoping to project completion the Chainguard team was amazing to work with and provided excellent customer support! The ease of use, implementation and integration also helped! Looking forward for new features being released!
What do you dislike about the product?
I have found no issue while working with the product so far!
What problems is the product solving and how is that benefiting you?
Chainguard is helping us reduce vulnerabilities by shifting left and reducing engineering time that it takes to patch vulnerabilities, saving us time and money!
Secure, Minimal, and Well-Supported — A Great Experience with Room for Transparency Improvements
What do you like best about the product?
Chainguard Images have been a transformative addition to our software supply chain strategy. The minimal, hardened, and continuously verified container images significantly reduce our attack surface while ensuring compliance and operational reliability.
One of the biggest pain points in container security is managing outdated or bloated base images filled with vulnerabilities. Chainguard solves this brilliantly with distroless, signed images that are continuously updated and come with built-in provenance and SBOMs. It’s clear they’ve thought deeply about what modern development teams need to build secure-by-default applications.
What really sets Chainguard apart, though, is their exceptional support. From day one, their team has been proactive, responsive, and genuinely invested in our success. Whether it was help with integration, optimizing our image choices, or answering security policy questions, their support engineers went above and beyond. Their documentation is also thorough and developer-friendly, which makes onboarding smooth and intuitive.
In summary: Chainguard Images bring peace of mind to any DevSecOps team, and their world-class support makes them a true partner in software supply chain security. Highly recommended for anyone building or deploying containers in a production environment
What do you dislike about the product?
One area that could use improvement is transparency around source code and SBOM (Software Bill of Materials) access. While the images are secure and well-maintained, having easier access to corresponding source repositories and complete SBOMs—preferably in an automated or standardized format—would help us meet internal audit and compliance requirements more seamlessly.
What problems is the product solving and how is that benefiting you?
The built-in signing, provenance, and emphasis on secure defaults have given our team increased confidence in what we’re deploying. Integration was straightforward, and the developer experience has been smooth from the start.
