Chainguard Reviews & Product Details

Using chainguard essentially eliminates container library vulnerabilities coming from our Docker base images (as well as standard package installs!). When we scan our chainguard based images with grype, or snyk, the only vulnerabilities left are from our application installs. We are in the process of implementing chainguard base images across the enterprise, and are expecting over 80% reduction in open vulnerabilities across the board. Chainguard's customer support is excellent, they are one of the best software vendors I have ever worked with. Review collected by and hosted on G2.com.

The only real downside is you have to modify your Dockerfiles to work with the Wolfi OS, which is alpine-like (i.e. you have to use apk, etc.) If your current base image is not alpine based, there is some learning curve and work. Review collected by and hosted on G2.com.

Since implementing Chainguard's hardened base images, we've seen a dramatic reduction in vulnerabilities—over 70%. This reduction not only enhances our security posture but also saves our engineering teams an enormous amount of time that would otherwise be spent on vulnerability management and patching. Chainguard's approach introduces excellent security practices out of the box, meaning our engineers no longer have to worry about critical security concerns like rootless containers, proper permissions, and secure registries.

Chainguard sets itself apart by providing supply chain security through purpose-built packages in their registry, making it clear that while competitors might still be playing catch-up in the minor leagues, Chainguard is clearly in a league of its own, setting the standard for supply chain security. We've maximized the value of these images by ensuring reuse across our organization, categorizing images into language-based and application-based groups. This strategy allows us to gain the most value through frequent reuse of language-based images, while our centralized platform engineering teams benefit from using application-specific images at a different scale.

To drive adoption, we've integrated Chainguard images into our centralized internal developer portal, which our developers are already familiar with and use regularly. This seamless integration has significantly boosted adoption rates, further supported by our vulnerability management reduction program. Through this program, we've been able to recommend Chainguard images, reassuring teams that transitioning will save time and energy.

The service level agreements (SLAs) provided by Chainguard are also very attractive. The high speed of image updates ensures that we are always protected with the latest security enhancements. We've even integrated Chainguard into our automatic update tools, so our developers are always confident that they're working with the most up-to-date versions.

Overall, Chainguard's hardened base images have been a game-changer for our organization, providing unparalleled security, efficiency, and peace of mind. Review collected by and hosted on G2.com.

The documentation at times fall a little behind and the modern authentication mechanisms at times can create difficulties in integrating with other existing platforms that are not yet supportive of technologies like OIDC. Quite a few of the images require rework to convert from a standard Dockerhub image however, I believe that's expected. Review collected by and hosted on G2.com.

I was extremely happy with how trivial it was to swap in their FIPS images in place of the FOSS images we were using. They had a whole onboarding call, but we'd already deployed them to development as it was that fast and easy. Review collected by and hosted on G2.com.

Their pricing was a battle, they don't differentiate between very simple images and very complex ones, so making the case to use them fully is very difficult. I think a pricing model that more accurately reflects their value add would help, as some images are inherently more complex to replace than others. Review collected by and hosted on G2.com.

Chainguard has allowed us to develop at speed and scale allowing us to focus on features more than the development overhead, especially in mitigating CVEs. That said, the team that we interact with is the best part of Chainguard. Responsive, intelligent, and customer obsessed is the main reason we value and continue our relationship. Couldn't be happier. Review collected by and hosted on G2.com.

There isn't anything we don't like that I can think of. Review collected by and hosted on G2.com.

Security is hard on its own, and while many vendors focus on selling detection products, Chainguard does the opposite and solve a painful problem with little effort from users. Review collected by and hosted on G2.com.

Chainguard offers some free to use images, but only "latest" version and not stable versions. This makes impossible to use as an individual or for open source projects. Review collected by and hosted on G2.com.

I wrote a paper on container image security, evaluating the security of containers through reduction of potentially vulnerable components. It concludes that the usage of component reduction methods significantly reduces the amount of security vulnerabilities within container images. It also finds that, even though the probability of exploitation of the majority of vulnerabilities found by scanners is very low, employing them still is a strategically sound decision. When comparing different images with component reduced (i.e. "distroless images") alternatives, chainguard did by far the best job. As a consultant supporting product security teams in large enterprises we are recommending to integrate chainguard images to development teams and decision makers. It will save a lot of dicsussions, headaches and money!

Please find the paper here: https://mwager.de/assets/component_reduction_paper.pdf Review collected by and hosted on G2.com.

Nothing so far. Have a look at the paper, it clearly shows that Chainguard did the best job compared to all other alternatives. Review collected by and hosted on G2.com.

Since adopting Chainguard the number of vulnerabilities our scanning tools have found in our services has dramaticdally decreased. Chainguard also offers a good range of base images and has been able to build custom app images for us. Review collected by and hosted on G2.com.

Initial learning curve on how to migrate from standard base images to Chainguard images. We have had issues integrating Chainguard's Docker registry with out artifact storage tool. Review collected by and hosted on G2.com.

It's simplicity. Changing from a regular Image to use a Chainguard image as the base helps mitigate a lot of vulnerabilities, and it's a change any developer would be able to easily implement.

This is something that I would recommand to any developer or business that is looking to harden their applications. Securing the base image is the first step everyone should take. Review collected by and hosted on G2.com.

I have some uncertaincies about what the support will look like for users using the Developer Free tier in the future. Would like them to sllow all image versions and not just latest/stable for Free Tier. Review collected by and hosted on G2.com.

Chainguard allows developers to save a lot of time and effort by providing ready-to-use container images that are secure. In addition, the images provided are very lightweight. Review collected by and hosted on G2.com.

The custom linux distribution may be harder to work with, but wolfi-base is still quite similar to Alpine and hence not too complex. Review collected by and hosted on G2.com.

Attentive support team

Well documented service

Easy to use portal/UI

Flexible to customizations we requested Review collected by and hosted on G2.com.

None I can think of.

The limiting factor for chainguard is the upstream product maintenaners speed. Review collected by and hosted on G2.com.