Latest news with #Chainguard
Business Wire
15 hours ago
- Business
- Business Wire
Azul and Chainguard Partner to Strengthen Container Security for
SUNNYVALE, Calif. & KIRKLAND, Wash.--(BUSINESS WIRE)-- Azul, the only company 100% focused on Java, and Chainguard, the secure foundation for software development and deployment, today announced a strategic partnership. This partnership will unite Azul's best-in-class commercial support and curated OpenJDK distributions with Chainguard's world-class Linux distro, software factory and container images. Chainguard will build from source Java container images that incorporate Azul's commercially supported build of OpenJDK that's part of Azul Platform Core, enabling enterprises to accelerate developer productivity, eliminate costly engineering toil and harden their software supply chain security. Joint solution gives customers secure, zero-CVE Java containers backed by trusted commercial support, reducing risk and accelerating delivery Share Securing the Full Java Stack Is Complex, Fragmented and Time-Consuming Java powers enterprise applications of all sizes and criticality, but timely access to updated and secure builds requires a vendor with deep expertise. Azul provides this by delivering fully supported OpenJDK builds which are a drop-in replacement for Oracle Java — helping organizations stay compliant and secure while reducing costs and freeing teams to focus on innovation. At the same time, Chainguard Containers helps organizations secure their operating system (OS) and application runtime environment. Modern enterprises face growing complexity and risk in securing every layer of their software stack — from the OS to the Java runtime and toolchain. Engineering and security teams often struggle to keep up with constant vulnerability disclosures, inconsistent patching timelines, and the need to harden containers and virtual machines without sacrificing speed or developer productivity. These challenges are especially acute for Java workloads, which require timely updates, commercial support, and secure, lightweight deployment environments. A study by NetRise found that the average container contains 604 known vulnerabilities in its underlying software components, with over 45% of those CVEs being two to 10 years old. This accumulation of outdated vulnerabilities poses a significant risk to organizations relying on containerized applications. In addition, in Azul's recent 2025 State of Java Survey & Report, 33% of respondents said that their DevOps teams waste more than half their time addressing false positives from Java-related security vulnerabilities, and 49% of companies are still encountering security vulnerabilities from Log4j in production – three years after its initial discovery. Securing the software development lifecycle requires locking down all layers of the stack, from the OS to the runtime environment and language toolchain. Customers Benefit from Reduced Risk and Faster Time to Deployment The partnership between Azul and Chainguard directly addresses these pain points by delivering hardened, zero-CVE containers for Java versions 21 and beyond, built from Azul source code, and backed by commercial Java support from Azul. Together, the companies offer a streamlined, secure foundation for Java applications that reduces risk, accelerates delivery and eliminates the trade-off between security and support. With Azul and Chainguard integrating zero-CVE container images built entirely from source and tested using the Java Compatibility Kit (JCK, TCK), joint customers benefit from reduced risk across their application surface area while maintaining commercial support services for their Java runtimes. Through Azul's stabilized, security-only Critical Patch Updates, engineering teams can now rapidly deploy new Java images, spending less time patching and testing one-off containers, so organizations can redirect development resources and ship secure software faster. 'Our customers need solutions that reduce risk and build trust at every layer of their modern software deployment stack,' said Dan Lorenc, co-founder and CEO at Chainguard. 'Today, we're bringing Chainguard's expertise in building minimal, zero-CVE images and Azul's expertise in Java together to create the most secure, commercial-grade containers for cloud-native workloads.' 'Choosing a hardened container shouldn't mean sacrificing timely security-only updates and commercial support services for your Java runtimes,' said Scott Sellers, co-founder and CEO at Azul. 'Today, we're excited to offer enterprises best-in-breed hardened Java containers from Chainguard while leveraging world-class commercial support from Azul.' Joint customers consuming these new Azul Java container images via Chainguard Containers will receive commercial Java support services through the Azul Platform Core offering. More information on the partnership can also be found here. About Chainguard Chainguard is the secure foundation for software development and deployment. By providing guarded open source software with Chainguard Containers, VMs, and Libraries, built from source and updated continuously, Chainguard helps organizations eliminate threats in their software supply chains. Its customers include Fortune 500 enterprises and global industry leaders, including Anduril, ANZ Bank, Canva, Hewlett Packard Enterprise, MAN Energy Solutions, Snap Inc., and Snowflake. Chainguard is venture-backed by leading investors, including Amplify, IVP, Kleiner Perkins, Lightspeed Venture Partners, Mantis VC, Redpoint Ventures, Sequoia Capital, and Spark Capital. For more information, visit: About Azul Systems Inc. Headquartered in Sunnyvale, California, Azul provides the Java platform for the modern cloud enterprise. Azul is the only company 100% focused on Java. Millions of Java developers, hundreds of millions of devices and the world's most highly regarded businesses trust Azul to power their applications with exceptional capabilities, performance, security, value, and success. Azul customers include 36% of the Fortune 100, 50% of Forbes top 10 World's Most Valuable Brands, all 10 of the world's top 10 financial trading companies and leading brands like Avaya, Bazaarvoice, BMW, Deutsche Telekom, LG, Mastercard, Mizuho, Priceline, Salesforce, Software AG, and Workday. Learn more at and follow us @azulsystems.
Associated Press
14-05-2025
- Associated Press
Introducing Chainguard Libraries for Python: Malware-Resistant Dependencies Built Entirely from Source
New Python language libraries with end-to-end integrity help organizations build software safer and more efficiently KIRKLAND, Wash., May 14, 2025 /PRNewswire/ -- Chainguard, the secure foundation for software development and deployment, today announced Chainguard Libraries for Python, an index of malware-resistant Python dependencies built securely from source on SLSA L2 infrastructure. By securely building every library and all of its dependencies from source, Chainguard Libraries for Python provides application security teams with confidence that malware has not been inserted during the build and distribution of libraries in the Python ecosystem, closing a significant gap in the threat landscape. To start, Chainguard has built nearly 10,000 of the most popular projects and will continuously grow its inventory of Python libraries to become the safe source for all open source. The growing threat of malware in the Python ecosystem Today, more than half of the world's developers rely on Python, a programming language that has become the foundation of modern AI and machine learning applications. As the popularity of Python has surged, so has the frequency and severity of supply chain attacks against the ecosystem. Notable malware attacks against popular Python packages like Ultralytics and PyTorch TorchTriton have shaken the community and demonstrated the risk of relying on traditional mechanisms (e.g., public registries like PyPI) for language library consumption. These public registries do minimal vetting of hosted artifacts, and they do not provide assurance that the distributed library matches its source code, exposing enterprises to supply chain attacks. Additionally, Python libraries are susceptible to supply chain attacks because many projects include more than just pure Python code — project maintainers often rebundle shared system libraries into their Python libraries to ensure stable behavior. This practice of rebundling OS dependencies into Python libraries obscures the components from security scanners, meaning the vulnerabilities they introduce to production environments go unnoticed and pose a serious risk for enterprise security. With Chainguard Libraries for Python, Chainguard delivers malware protection for one of the most critical and vulnerable parts of the supply chain — the language dependencies that developers rely on to build and deploy applications. Up to now, application security teams have had no comprehensive solution for mitigating malware without disrupting their developers' workflows and productivity. This left enterprises susceptible to the risks of malicious code that could waste resources, steal application secrets, break production systems, or even leak customer data. Chainguard Libraries for Python integrates with existing artifact managers to empower application security teams to close this massive security hole while meeting developers how they work. 'Chainguard is rebuilding every component for a given library — Python, Java, or otherwise — from source so organizations can mitigate malware, have clear visibility into what exactly is in their software, and eliminate the risk of hidden supply chain vulnerabilities,' said Kim Lewandowski, Co-founder and Chief Product Officer, Chainguard. 'We're providing a secure, trusted source of Python libraries that allows enterprises to remove friction and add security without asking developers to change how they build and deploy software.' Mitigating malware attacks across Python dependencies Following the recent launch of Chainguard Libraries for Java, Chainguard is building every dependency for every Python library from source, combating malware injection at the build and distribution links of the open source supply chain. This reduces risk from supply chain threat vectors like compromised build processes, release pipelines, and distribution points. Isolating and rebuilding the shared system dependencies required by Python libraries allows Chainguard to eliminate an additional hidden attack vector stemming from bundled software components. Chainguard Libraries for Python furthers the company's mission to be the safe source for open source and gives customers greater confidence to ship products more efficiently and securely. Chainguard now helps organizations secure even more of the modern development stack, starting with the OS and runtime environment with minimal, zero-CVE containers and virtual machines, and up to the application layer with language libraries for Python and Java. 'At Paylocity, application security is core to the modern HR, payroll and spend management software we're building,' said Joe Christian, Senior Engineering Manager, Application Security, Paylocity. 'Chainguard already helps us reduce our attack surface while giving our teams confidence in what they're shipping. We see promise in Chainguard Libraries for Python to ensure developers can build securely from the very first line of code.' 'MAN Energy Solutions enables its customers to achieve sustainable value creation in the transition towards a carbon neutral future. As a global provider of large-scale industrial machinery and energy solutions, software supply chain security is a top priority,' Carsten Skov, Senior DevOps Engineer, MAN Energy Solutions. 'Chainguard Containers have already helped us ensure that our containerized analytics workloads are built and run securely by default. Now, we're excited about the potential of Chainguard Libraries for Python to further strengthen our software supply chain by mitigating the risks posed by unverified dependencies and malware in the Python ecosystem. Securing these workloads plays a key role in ensuring that the MAN-CEON Digital Ecosystem continues to meet the requirements of ISO/IEC 27001:2022 and ABS Cyber Safety Certification.' Chainguard Libraries for Python is now available in early access. For more information, visit About Chainguard Chainguard is the secure foundation for software development and deployment. By providing guarded open source software with Chainguard Containers, VMs, and Libraries, built from source and updated continuously, Chainguard helps organizations eliminate threats in their software supply chains. Its customers include Fortune 500 enterprises and global industry leaders, including Anduril, ANZ Bank, Canva, Hewlett Packard Enterprise, MAN Energy Solutions, Snap Inc., and Snowflake. Chainguard is venture-backed by leading investors, including Amplify, IVP, Kleiner Perkins, Lightspeed Venture Partners, Mantis VC, Redpoint Ventures, Sequoia Capital, and Spark Capital. For more information, visit: View original content to download multimedia: SOURCE Chainguard
CNA
23-04-2025
- Business
- CNA
Cybersecurity startup Chainguard almost triples valuation to $3.5 billion after fundraise
Computer and cloud security startup Chainguard said on Wednesday its latest funding round valued it at $3.5 billion, almost tripling in less than a year, underscoring sustained investor appetite for robust digital infrastructure. The company said it had raised $356 million in a series D round, led by new investor Kleiner Perkins and existing investor IVP, with additional participation from new investors such as Salesforce Ventures and Datadog Ventures. Enterprises are increasingly prioritizing cybersecurity measures as a rapid digital transformation across industries has increased the risk of online attacks and hacks, prompting businesses to spend more on safeguarding their domains. "Investors recognize that companies won't delay security investments when the downside risk is reputational ruin, regulatory penalties, or even operational collapse," said Derek Hernandez, senior emerging technology analyst at PitchBook. Disruptions caused by the global CrowdStrike outage last year have also encouraged some companies to boost their budgets on protecting digital assets. Chainguard's last fundraising in July 2024, which valued it at $1.12 billion, was also co-led by IVP, along with Redpoint Ventures and Lightspeed Venture Partners. "Today, major cybersecurity funding continues, even amid recession fears," Hernandez added. Total funding to VC-backed cybersecurity startups hit nearly $11.6 billion last year, up 43 per cent over 2023, according to Crunchbase data, showing cybersecurity startups continue to draw investment even in an otherwise subdued venture capital environment. Last month, AI-powered cybersecurity firm ReliaQuest raised more than $500 million at a valuation of $3.4 billion. Chainguard — whose customers include Anduril, ANZ Bank, Canva, GitLab and Hewlett Packard Enterprise — has so far raised $612 million. The startup, founded in 2021, provides tools and services to help clients keep their software secure. Chainguard grew its annual recurring revenue seven times to $40 million in fiscal year 2025, it said.
Yahoo
26-03-2025
- Business
- Yahoo
Datadog (NasdaqGS:DDOG) Partners With Chainguard To Enhance Container Security Solutions
Datadog recently partnered with Chainguard to enhance container observability and software security, unveiling a new dashboard for real-time container risk insights. This significant collaboration likely influenced Datadog's stock price increase of 7% last week, as it strengthens its position in cybersecurity. While the broader tech sector witnessed declines, with the Nasdaq Composite down 1.9%, Datadog's positive movement contrasts this trend, possibly highlighting investor confidence in the Chainguard partnership's potential benefits. Overall, Datadog's rise stands out against a mixed performance in tech equities, driven by its strategic initiatives rather than broader market activities. Buy, Hold or Sell Datadog? View our complete analysis and fair value estimate and you decide. These 15 companies survived and thrived after COVID and have the right ingredients to survive Trump's tariffs. Discover why before your portfolio feels the trade war pinch. Datadog, Inc. has experienced a substantial total return of 207.34% over the past five years, demonstrating impressive growth compared to broader market trends. A key factor in this strong long-term performance is Datadog's investment in AI capabilities and partnerships, such as launching a modern Cloud SIEM in December 2024, boosting its cloud security offerings and expanding its observability solutions. Additionally, the introduction of Kubernetes Active Remediation in November 2024 has likely bolstered Datadog's appeal to enterprises seeking automated troubleshooting solutions. Over the past year, while Datadog's 1-year return was below both the US Market and Software industry averages, the ongoing enhancement of product capabilities and expansion into new markets highlight its potential for future growth. For example, the successful partnership with Chainguard and the expansion in cloud security monitoring with Akamai reinforce Datadog's commitment to integrating advanced security solutions, potentially fostering long-term investor confidence. Our expertly prepared valuation report Datadog implies its share price may be lower than expected. This article by Simply Wall St is general in nature. We provide commentary based on historical data and analyst forecasts only using an unbiased methodology and our articles are not intended to be financial advice. It does not constitute a recommendation to buy or sell any stock, and does not take account of your objectives, or your financial situation. We aim to bring you long-term focused analysis driven by fundamental data. Note that our analysis may not factor in the latest price-sensitive company announcements or qualitative material. Simply Wall St has no position in any stocks mentioned. Companies discussed in this article include NasdaqGS:DDOG. Have feedback on this article? Concerned about the content? with us directly. Alternatively, email editorial-team@
