Chainguard

Chainguard delivers zero-CVE container images and libraries for secure software supply chains.
$892M total · Founded 2021 · Kirkland, Washington · 595 employees
Chainguard provides secure-by-default container images, language libraries, and VM images with zero known CVEs, eliminating vulnerabilities at the source rather than scanning after deployment. Every artifact includes built-in SBOMs, signed provenance, and daily security patches with an SLA-backed remediation guarantee. The platform delivers a 97.6% reduction in CVEs on average and serves enterprises and development teams building software supply chains that require compliance and security assurance.
Problem solved
Development teams struggle to secure container images and dependencies against supply chain attacks and vulnerabilities, requiring expensive post-deployment scanning and remediation cycles.
Target customer
Enterprise engineering teams and DevSecOps organizations using containerized infrastructure who require compliance, supply chain security, and minimal vulnerability management overhead.
Founders
Dan Lorenc
CEO & Co-Founder
Former Google engineer (2012+) who worked on Google's internal security systems and led work on Minikube; contributed to Kubernetes, Sigstore, and Distroless; MIT graduate with deep expertise in open-source supply chain security.
Kim Lewandowski
Co-Founder
Veteran open-source and infrastructure engineer with contributions to Kubernetes, Knative, Sigstore, and SLSA frameworks.
Ville Aikas
Co-Founder
Open-source infrastructure expert with contributions to major supply chain security projects including Kubernetes and Sigstore.
Matt Moore
Co-Founder
Open-source security veteran who contributed to Kubernetes, Knative, Sigstore, and SLSA.
Funding history
Seed $5M December 2021 Led by Amplify Partners
Series A Undisclosed June 2022 Led by Sequoia Capital · Live Oak Ventures, Mantis VC
Series B $61M November 2023 Led by Spark Capital · Sequoia Capital, Amplify Partners, Mantis VC, Banana Capital
Series C $140M July 2024 Led by Redpoint Ventures · Lightspeed Venture Partners, IVP, Sequoia Capital, Spark Capital, Mantis VC
Series D $356M April 2025 Led by Kleiner Perkins · IVP, Salesforce Ventures, Datadog Ventures, all existing investors
Debt $280M October 2025 Led by General Catalyst
Total raised: $892M
Pricing
Catalog pricing based on engineering organization size with unlimited access to 1,800+ images and 10,000+ packages; Per-Image pricing for targeted use cases; Free tier includes ~50 container images
Integrations
Kubernetes, Sigstore, SLSA, Minikube
Tech stack
jQuery (JavaScript libraries), core-js (JavaScript libraries), Google Analytics (Analytics), Nginx (Reverse proxies), OpenResty (Web servers), Varnish (Caching), Google Workspace (Email), Cloudflare (CDN), jsDelivr (CDN), cdnjs (CDN), Unpkg (CDN), Google Tag Manager (Tag managers), Webflow (Page builders)
Competitors
Amazon ECR Public
Broad container registry without Chainguard's security-by-default approach, zero-CVE guarantee, or SLA-backed patching.
Docker Hub
General-purpose image repository without dedicated security hardening, daily patching, or verified provenance attestations.
Aqua Security
Focuses on post-deployment vulnerability scanning and runtime security rather than pre-hardened images built from source.
Snyk
Provides vulnerability scanning and remediation for existing dependencies rather than curated, zero-CVE images maintained with guaranteed SLAs.
Why this matters: Chainguard raised $892M in total funding and achieved unicorn status ($3.5B valuation) by addressing a critical gap in software supply chain security—moving security left from post-deployment scanning to secure-by-default artifacts. Founded by veterans of Kubernetes, Sigstore, and Google's security infrastructure, the company is backed by top-tier VCs and strategic investors (Salesforce, Datadog) positioning it as a foundational security layer for enterprise container deployments.
Best for: Enterprise teams and regulated industries building containerized applications that need supply chain security assurance, compliance support, and minimal vulnerability management burden.
Use cases
Regulated Financial Services Deployments
A fintech company needs container images that meet compliance requirements with verifiable provenance and audit trails. Chainguard's SLSA Level 2+ certified images, built-in SBOMs, and signed attestations eliminate the need for custom security scanning tooling and provide evidence of secure builds for auditors.
Reducing CVE Remediation Sprints
An e-commerce platform spends significant engineering cycles responding to newly discovered CVEs in base images. Chainguard's daily-patched images and SLA-backed remediation ensure CVEs are addressed within defined timeframes automatically, freeing teams to focus on product development.
Supply Chain Attack Prevention
A SaaS company concerned about build-time and distribution-stage malware injection adopts Chainguard Libraries, which uses SLSA L3-compliant builds and eliminates 98%+ of supply chain risk by building every package from verified public source code in a secure, monitored environment.
Alternatives
Google Distroless
Open-source minimal images without commercial SLA, daily patching guarantees, or vulnerability remediation commitments.
Red Hat UBI (Universal Base Images)
Red Hat-supported containers with longer support lifecycles but less frequent patching and no zero-CVE guarantee like Chainguard.
JFrog Artifactory
Universal package repository platform with scanning capabilities rather than pre-hardened, curated artifacts with built-in security.
FAQ
What does Chainguard do?
Chainguard provides security-hardened container images, language libraries, and VM images with zero known CVEs, built-in software bill of materials (SBOMs), signed provenance, and guaranteed daily patching with SLA-backed remediation. Instead of scanning for vulnerabilities after deployment, Chainguard delivers pre-secured artifacts that eliminate vulnerabilities at the source and reduce overall CVE burden by 97.6% on average.
How much does Chainguard cost?
Chainguard offers Catalog pricing based on engineering organization size, providing unlimited access to 1,800+ images and 10,000+ packages; Per-Image pricing for targeted deployments; and a free tier of ~50 container images. Enterprise pricing is available upon contact.
What are alternatives to Chainguard?
Google Distroless (free, open-source minimal images without commercial SLA), Red Hat UBI (supported base images with longer lifecycles), Amazon ECR Public (general registry without zero-CVE guarantee), Docker Hub (general-purpose repository), Aqua Security (post-deployment scanning), and Snyk (vulnerability scanning for existing dependencies).
Who uses Chainguard?
Enterprise engineering teams, DevSecOps organizations, regulated financial services companies, and SaaS platforms that require supply chain security assurance, compliance support, and minimal vulnerability management overhead. Specific customer names are not publicly disclosed.
How does Chainguard compare to Docker Hub?
Docker Hub is a general-purpose image registry where publishers upload containers with varying security practices. Chainguard provides curated, security-hardened images that are built daily from verified source, patched proactively, guaranteed to have zero CVEs, and shipped with signed provenance and SBOMs, eliminating the scanning, remediation, and compliance overhead that Docker Hub users face.
Tags
container security, supply chain security, software bill of materials, SBOM, zero-CVE, DevSecOps, compliance, vulnerability management, SLSA, provenance, open source security