Latest news with #Chainguard
Techday NZ
3 days ago
- Business
- Techday NZ
Chainguard launches partner programme after $356 million raise
Chainguard has announced the launch of its Global Partner Program aimed at helping channel partners deliver trusted open source software to customers. The new initiative intends to bridge the gap between traditional channel models and increasingly complex cloud ecosystems. Chainguard will be working alongside several major cloud service providers, including AWS, Google Cloud Platform, and Microsoft Azure, to offer more cohesive and scalable security solutions through its channel partners. Key programme features The Chainguard Partner Program introduces a two-tier structure with increasing benefits based on partner engagement and impact. Among the main features are incentives via sourced deals, co-sell influence, and customer referrals. Technical enablement is a significant component, with partner-exclusive training, onboarding, deal registration, lead creation tools, and access to both Partner and Technical Advisory Councils. The programme also offers joint go-to-market support, including account mapping, sales enablement, marketing support, and co-branded initiatives. Early adopters are given a first-mover advantage in delivering a new solution category before competitors can enter the space. The launch and expansion of this programme are being supported by Chainguard's recent Series D funding round, which saw the company raise $356 million at a valuation of $3.5 billion, intended to drive the company's next stage of growth. The need for secure OSS Open source software now accounts for more than 90% of the code in modern applications, significantly increasing the importance of robust software supply chain security. Recent high-profile incidents such as attacks targeting SolarWinds, Log4Shell, and xz-utils have elevated concerns among organisations, which now face stricter regulatory requirements and compliance mandates from frameworks such as FedRAMP, PCI, NIST SSDF, DORA, CRA, and HIPAA. The proliferation of sovereign cloud initiatives has added further complexity to compliance and risk management. "We're at a tipping point in software security. The growing reliance on open source, coupled with the rise in sophisticated supply chain attacks, has made it clear that reactive security models are no longer enough," said Ryan Carlson, President, Chainguard. "Organisations need to build fast, but they also need to do so securely – and that starts with trusted open source. With partners across the channel ecosystem, we're making it easier for the world's most innovative companies to build, deploy, and innovate on a foundation that's secure from the start." Chainguard's approach is to provide trusted open source software that is rebuilt from source in hardened environments, thereby supporting engineering teams in securely developing and deploying new code without additional burdens. Early engagement with channel partners The first members of the Global Partner Program include Bytes, Defy, DevOps1, and EVOTEK. These partners will use Chainguard to speed up developer productivity, facilitate compliance processes, and raise security standards for their clients. "At Bytes, we actively seek out vendors who disrupt conventional thinking and bring innovative perspectives to the cyber security landscape," said Luke Kiernan, Head of Cyber Security, Bytes. "From our first interaction with Chainguard, it was evident they embodied this mindset, delivering a forward-thinking, developer-first approach to securing the software supply chain. We look forward to developing our partnership and driving greater value for our customers through modern, resilient, and secure software practices." "Chainguard is solving one of the most urgent problems in enterprise technology today – securing the software supply chain without slowing down development," said Rich Douros, Chief Revenue Officer, Defy. "Their secure-by-default approach is exactly what our customers need to build with confidence and speed." "At DevOps1, our mission is to help our customers build secure, scalable systems that empower our clients to move fast without compromising security," said Alex Rea, CEO, DevOps1. "Partnering with Chainguard, the market-leading solution for software supply chain security, enables us to embed robust, verifiable security ensuring a 'Start Left' posture in the development lifecycle. This collaboration reinforces our commitment to delivering modern DevSecOps practices with confidence, integrity, and speed." "All organizations want to accelerate their software development, but they can't do that without having a way to secure the applications they're building," said Jason Myers, Chief Revenue Officer, EVOTEK. "Chainguard's approach to delivering continuously verified open source software aligns perfectly with our mission to help enterprises build secure, scalable infrastructure." Enhancing OSS integrity Chainguard's offerings centre around delivering open source components that are rebuilt from source within secure infrastructure and with verified end-to-end integrity. This is exemplified by Chainguard Containers, a catalogue featuring over 1,500 zero-CVE (common vulnerabilities and exposures) container images. The containers offer customisation, a reduced attack surface, and continuous daily updates, thereby ensuring supply chain integrity for containerised applications. Powered by Chainguard OS, the service includes transparent provenance, enforcement of FIPS cryptography, signed software bill of materials and attestations, and secure system hardening. For partners in the programme, this portfolio is designed to accelerate client compliance efforts, strengthen security postures, and enable engineering teams to focus on secure product development.
Cision Canada
4 days ago
- Business
- Cision Canada
Chainguard Launches Global Partner Program to Accelerate Trusted Open Source Software Adoption
New program offers flexible incentives, technical enablement, and go-to-market support to empower channel resellers and distributors to lead in secure software delivery KIRKLAND, Wash., Aug. 13, 2025 /CNW/ -- Chainguard, the secure foundation for software development and deployment, today announced the launch of the global Chainguard Partner Program, designed to help channel partners deliver trusted open source artifacts to their customers. The new program offers a two-tier structure with escalating benefits for channel partners based on engagement and impact, as well as flexible incentives, technical enablement, and go-to-market support for resellers and distributors. The urgent need for trusted open source software As open source software (OSS) now comprises over 90% of the code in modern applications, the need for proactive and scalable software supply chain security has never been more urgent. With a surge in high-profile software supply chain attacks like SolarWinds, Log4Shell, and xz-utils, organizations are facing increased regulatory scrutiny and heightened risk exposure. With compliance frameworks like FedRAMP, PCI, NIST SSDF, DORA, CRA, and HIPAA requiring proactive risk management, and the rise of sovereign cloud initiatives, organizations need a scalable solution to meet regulatory requirements, reduce their attack surface, and mitigate supply chain risks without burdening engineers. Chainguard's trusted OSS is continuously rebuilt from source in hardened environments, delivering end-to-end integrity and enabling engineering teams to focus on building and delivering secure, high-impact software. "We're at a tipping point in software security. The growing reliance on open source, coupled with the rise in sophisticated supply chain attacks, has made it clear that reactive security models are no longer enough," said Ryan Carlson, President, Chainguard. "Organizations need to build fast, but they also need to do so securely – and that starts with trusted open source. With partners across the channel ecosystem, we're making it easier for the world's most innovative companies to build, deploy, and innovate on a foundation that's secure from the start." Key features of the Chainguard Partner Program The Chainguard Partner Program offers a two-tier structure with escalating benefits for channel partners based on engagement and impact. The program offers: Compelling and flexible incentives: Rewards across sourced deals, co-sell influence, and referrals. Robust technical enablement: Partner-exclusive training, onboarding, deal registration, lead creation tools, and participation in the Partner & Technical Advisory Council. Joint go-to-market support: Account mapping, sales enablement, marketing support, and co-branded initiatives to drive mutual growth. First-mover advantage: The opportunity to deliver a disruptive new solution category before competitors. With this new program, Chainguard is bridging the gap between traditional channel models and modern cloud ecosystems by working in close alignment with cloud service providers, including Amazon Web Services, Google Cloud Platform, and Microsoft Azure. This approach empowers channel partners to offer more integrated, scalable solutions to their customers. This comprehensive structure is already resonating with the channel as early adopters begin to bring Chainguard to market. Early momentum with channel partners Early participants in Chainguard's Partner Program include Bytes, Defy, DevOps1, and EVOTEK, underscoring the global appetite for secure OSS infrastructure. These partners are leveraging Chainguard to help customers improve developer velocity, achieve faster compliance, and elevate their security posture. "At Bytes, we actively seek out vendors who disrupt conventional thinking and bring innovative perspectives to the cyber security landscape," said Luke Kiernan, Head of Cyber Security, Bytes. "From our first interaction with Chainguard, it was evident they embodied this mindset, delivering a forward-thinking, developer-first approach to securing the software supply chain. We look forward to developing our partnership and driving greater value for our customers through modern, resilient, and secure software practices." "Chainguard is solving one of the most urgent problems in enterprise technology today – securing the software supply chain without slowing down development," said Rich Douros, Chief Revenue Officer, Defy. "Their secure-by-default approach is exactly what our customers need to build with confidence and speed." "At DevOps1, our mission is to help our customers build secure, scalable systems that empower our clients to move fast without compromising security," said Alex Rea, CEO, DevOps1. "Partnering with Chainguard, the market-leading solution for software supply chain security, enables us to embed robust, verifiable security ensuring a 'Start Left' posture in the development lifecycle. This collaboration reinforces our commitment to delivering modern DevSecOps practices with confidence, integrity, and speed." "All organizations want to accelerate their software development, but they can't do that without having a way to secure the applications they're building," said Jason Myers, Chief Revenue Officer, EVOTEK. "Chainguard's approach to delivering continuously verified open source software aligns perfectly with our mission to help enterprises build secure, scalable infrastructure." Transforming how OSS is built, distributed, and secured Chainguard is changing the way organizations build with OSS by delivering trusted open source components that are continuously rebuilt from source in secure infrastructure with end-to-end integrity. At the heart of the offering is Chainguard Containers, a catalog of over 1,500 zero-CVE container images with broad customization capabilities and a reduced attack surface to improve supply chain integrity for containerized applications. As the fastest way to get a patch from source to artifact, Chainguard Containers are powered by Chainguard's bootstrapped Linux distro, Chainguard OS, and include transparent provenance, enforcement of FIPS cryptography, signed SBOMs and attestations, secure hardening, and continuous daily updates to eliminate vulnerabilities. For partners, this means offering customers a solution that accelerates compliance, strengthens their security posture, and allows their engineers to build more securely and efficiently from the start.
Techday NZ
19-06-2025
- Business
- Techday NZ
Azul & Chainguard partner on zero-CVE Java containers
Azul and Chainguard have announced a partnership focused on strengthening container security for Java workloads through combined commercial Java support and secure container images. The collaboration will see Chainguard create Java container images built from source, incorporating Azul's commercially supported build of OpenJDK from the Azul Platform Core. This approach is designed to allow enterprises to deliver production workloads more efficiently while addressing the complexities of securing the full software stack for Java applications. Complexity in Java security Java remains integral to a wide range of enterprise applications, with growing challenges around ensuring timely access to secure builds. Securing Java workloads requires reliable updates and consistent patching, traditionally necessitating expertise and timely intervention by vendors. Azul aims to fulfil this role by delivering fully supported OpenJDK builds intended as a direct replacement for Oracle Java, enabling organisations to maintain compliance and security while reducing expenditure and freeing development teams from remediation tasks. Chainguard Containers supports customers by securing operating systems and application runtime environments. The combination targets gaps in current protection practices that too often see engineering and security teams handle numerous vulnerability disclosures, deal with inconsistent patching, and attempt to harden containers without slowing developer productivity. For Java workloads, which require both rapid security response and commercial support, these difficulties are particularly pressing. Recent research from NetRise indicates that the average container carries 604 known vulnerabilities in underlying software components. Notably, over 45% of these CVEs are two to ten years old. This accumulation of unaddressed vulnerabilities increases risks for organisations that depend on containerised apps. Findings from Azul's 2025 State of Java Survey & Report further highlight the impact of security issues. According to the report, 33% of respondents stated their DevOps teams spend more than half their time addressing false positives from Java-related vulnerabilities. Additionally, 49% of surveyed companies reported they are still encountering vulnerabilities from Log4j in production environments, nearly three years after the initial disclosure. The need to secure all layers, from operating systems to toolchains, forms a critical part of the software development lifecycle. Hardened, zero-CVE Java containers The partnership between Azul and Chainguard is positioned as a direct response to challenges identified by industry research. The joint offering will deliver zero-CVE containers for Java versions 21 and above, built from Azul's source code and supported commercially through Azul's Java expertise. Customers are expected to benefit from a streamlined way to secure Java application foundations, reducing overall risk exposure and enabling more consistent, reliable deployments. The new container images will be constructed entirely from source and tested in accordance with the Java Compatibility Kit, providing assurance of compatibility and feature parity. Azul's approach to stabilised, security-only Critical Patch Updates gives engineering teams the opportunity to deploy updated Java images more efficiently, minimising manual patching and testing efforts. This is intended to help organisations redirect development resources away from platform maintenance and towards application delivery. "Our customers need solutions that reduce risk and build trust at every layer of their modern software deployment stack," said Dan Lorenc, co-founder and CEO at Chainguard. "Today, we're bringing Chainguard's expertise in building minimal, zero-CVE images and Azul's expertise in Java together to create the most secure, commercial-grade containers for cloud-native workloads." Scott Sellers, co-founder and CEO at Azul, added: "Choosing a hardened container shouldn't mean sacrificing timely security-only updates and commercial support services for your Java runtimes. Today, we're excited to offer enterprises best-in-breed hardened Java containers from Chainguard while leveraging world-class commercial support from Azul." Customers adopting Azul Java container images through Chainguard Containers will have access to commercial Java support within the Azul Platform Core portfolio. This ensures ongoing access to patches and direct assistance for Java runtime issues in critical enterprise environments.
Business Wire
12-06-2025
- Business
- Business Wire
Azul and Chainguard Partner to Strengthen Container Security for
SUNNYVALE, Calif. & KIRKLAND, Wash.--(BUSINESS WIRE)-- Azul, the only company 100% focused on Java, and Chainguard, the secure foundation for software development and deployment, today announced a strategic partnership. This partnership will unite Azul's best-in-class commercial support and curated OpenJDK distributions with Chainguard's world-class Linux distro, software factory and container images. Chainguard will build from source Java container images that incorporate Azul's commercially supported build of OpenJDK that's part of Azul Platform Core, enabling enterprises to accelerate developer productivity, eliminate costly engineering toil and harden their software supply chain security. Joint solution gives customers secure, zero-CVE Java containers backed by trusted commercial support, reducing risk and accelerating delivery Share Securing the Full Java Stack Is Complex, Fragmented and Time-Consuming Java powers enterprise applications of all sizes and criticality, but timely access to updated and secure builds requires a vendor with deep expertise. Azul provides this by delivering fully supported OpenJDK builds which are a drop-in replacement for Oracle Java — helping organizations stay compliant and secure while reducing costs and freeing teams to focus on innovation. At the same time, Chainguard Containers helps organizations secure their operating system (OS) and application runtime environment. Modern enterprises face growing complexity and risk in securing every layer of their software stack — from the OS to the Java runtime and toolchain. Engineering and security teams often struggle to keep up with constant vulnerability disclosures, inconsistent patching timelines, and the need to harden containers and virtual machines without sacrificing speed or developer productivity. These challenges are especially acute for Java workloads, which require timely updates, commercial support, and secure, lightweight deployment environments. A study by NetRise found that the average container contains 604 known vulnerabilities in its underlying software components, with over 45% of those CVEs being two to 10 years old. This accumulation of outdated vulnerabilities poses a significant risk to organizations relying on containerized applications. In addition, in Azul's recent 2025 State of Java Survey & Report, 33% of respondents said that their DevOps teams waste more than half their time addressing false positives from Java-related security vulnerabilities, and 49% of companies are still encountering security vulnerabilities from Log4j in production – three years after its initial discovery. Securing the software development lifecycle requires locking down all layers of the stack, from the OS to the runtime environment and language toolchain. Customers Benefit from Reduced Risk and Faster Time to Deployment The partnership between Azul and Chainguard directly addresses these pain points by delivering hardened, zero-CVE containers for Java versions 21 and beyond, built from Azul source code, and backed by commercial Java support from Azul. Together, the companies offer a streamlined, secure foundation for Java applications that reduces risk, accelerates delivery and eliminates the trade-off between security and support. With Azul and Chainguard integrating zero-CVE container images built entirely from source and tested using the Java Compatibility Kit (JCK, TCK), joint customers benefit from reduced risk across their application surface area while maintaining commercial support services for their Java runtimes. Through Azul's stabilized, security-only Critical Patch Updates, engineering teams can now rapidly deploy new Java images, spending less time patching and testing one-off containers, so organizations can redirect development resources and ship secure software faster. 'Our customers need solutions that reduce risk and build trust at every layer of their modern software deployment stack,' said Dan Lorenc, co-founder and CEO at Chainguard. 'Today, we're bringing Chainguard's expertise in building minimal, zero-CVE images and Azul's expertise in Java together to create the most secure, commercial-grade containers for cloud-native workloads.' 'Choosing a hardened container shouldn't mean sacrificing timely security-only updates and commercial support services for your Java runtimes,' said Scott Sellers, co-founder and CEO at Azul. 'Today, we're excited to offer enterprises best-in-breed hardened Java containers from Chainguard while leveraging world-class commercial support from Azul.' Joint customers consuming these new Azul Java container images via Chainguard Containers will receive commercial Java support services through the Azul Platform Core offering. More information on the partnership can also be found here. About Chainguard Chainguard is the secure foundation for software development and deployment. By providing guarded open source software with Chainguard Containers, VMs, and Libraries, built from source and updated continuously, Chainguard helps organizations eliminate threats in their software supply chains. Its customers include Fortune 500 enterprises and global industry leaders, including Anduril, ANZ Bank, Canva, Hewlett Packard Enterprise, MAN Energy Solutions, Snap Inc., and Snowflake. Chainguard is venture-backed by leading investors, including Amplify, IVP, Kleiner Perkins, Lightspeed Venture Partners, Mantis VC, Redpoint Ventures, Sequoia Capital, and Spark Capital. For more information, visit: About Azul Systems Inc. Headquartered in Sunnyvale, California, Azul provides the Java platform for the modern cloud enterprise. Azul is the only company 100% focused on Java. Millions of Java developers, hundreds of millions of devices and the world's most highly regarded businesses trust Azul to power their applications with exceptional capabilities, performance, security, value, and success. Azul customers include 36% of the Fortune 100, 50% of Forbes top 10 World's Most Valuable Brands, all 10 of the world's top 10 financial trading companies and leading brands like Avaya, Bazaarvoice, BMW, Deutsche Telekom, LG, Mastercard, Mizuho, Priceline, Salesforce, Software AG, and Workday. Learn more at and follow us @azulsystems.
Associated Press
14-05-2025
- Associated Press
Introducing Chainguard Libraries for Python: Malware-Resistant Dependencies Built Entirely from Source
New Python language libraries with end-to-end integrity help organizations build software safer and more efficiently KIRKLAND, Wash., May 14, 2025 /PRNewswire/ -- Chainguard, the secure foundation for software development and deployment, today announced Chainguard Libraries for Python, an index of malware-resistant Python dependencies built securely from source on SLSA L2 infrastructure. By securely building every library and all of its dependencies from source, Chainguard Libraries for Python provides application security teams with confidence that malware has not been inserted during the build and distribution of libraries in the Python ecosystem, closing a significant gap in the threat landscape. To start, Chainguard has built nearly 10,000 of the most popular projects and will continuously grow its inventory of Python libraries to become the safe source for all open source. The growing threat of malware in the Python ecosystem Today, more than half of the world's developers rely on Python, a programming language that has become the foundation of modern AI and machine learning applications. As the popularity of Python has surged, so has the frequency and severity of supply chain attacks against the ecosystem. Notable malware attacks against popular Python packages like Ultralytics and PyTorch TorchTriton have shaken the community and demonstrated the risk of relying on traditional mechanisms (e.g., public registries like PyPI) for language library consumption. These public registries do minimal vetting of hosted artifacts, and they do not provide assurance that the distributed library matches its source code, exposing enterprises to supply chain attacks. Additionally, Python libraries are susceptible to supply chain attacks because many projects include more than just pure Python code — project maintainers often rebundle shared system libraries into their Python libraries to ensure stable behavior. This practice of rebundling OS dependencies into Python libraries obscures the components from security scanners, meaning the vulnerabilities they introduce to production environments go unnoticed and pose a serious risk for enterprise security. With Chainguard Libraries for Python, Chainguard delivers malware protection for one of the most critical and vulnerable parts of the supply chain — the language dependencies that developers rely on to build and deploy applications. Up to now, application security teams have had no comprehensive solution for mitigating malware without disrupting their developers' workflows and productivity. This left enterprises susceptible to the risks of malicious code that could waste resources, steal application secrets, break production systems, or even leak customer data. Chainguard Libraries for Python integrates with existing artifact managers to empower application security teams to close this massive security hole while meeting developers how they work. 'Chainguard is rebuilding every component for a given library — Python, Java, or otherwise — from source so organizations can mitigate malware, have clear visibility into what exactly is in their software, and eliminate the risk of hidden supply chain vulnerabilities,' said Kim Lewandowski, Co-founder and Chief Product Officer, Chainguard. 'We're providing a secure, trusted source of Python libraries that allows enterprises to remove friction and add security without asking developers to change how they build and deploy software.' Mitigating malware attacks across Python dependencies Following the recent launch of Chainguard Libraries for Java, Chainguard is building every dependency for every Python library from source, combating malware injection at the build and distribution links of the open source supply chain. This reduces risk from supply chain threat vectors like compromised build processes, release pipelines, and distribution points. Isolating and rebuilding the shared system dependencies required by Python libraries allows Chainguard to eliminate an additional hidden attack vector stemming from bundled software components. Chainguard Libraries for Python furthers the company's mission to be the safe source for open source and gives customers greater confidence to ship products more efficiently and securely. Chainguard now helps organizations secure even more of the modern development stack, starting with the OS and runtime environment with minimal, zero-CVE containers and virtual machines, and up to the application layer with language libraries for Python and Java. 'At Paylocity, application security is core to the modern HR, payroll and spend management software we're building,' said Joe Christian, Senior Engineering Manager, Application Security, Paylocity. 'Chainguard already helps us reduce our attack surface while giving our teams confidence in what they're shipping. We see promise in Chainguard Libraries for Python to ensure developers can build securely from the very first line of code.' 'MAN Energy Solutions enables its customers to achieve sustainable value creation in the transition towards a carbon neutral future. As a global provider of large-scale industrial machinery and energy solutions, software supply chain security is a top priority,' Carsten Skov, Senior DevOps Engineer, MAN Energy Solutions. 'Chainguard Containers have already helped us ensure that our containerized analytics workloads are built and run securely by default. Now, we're excited about the potential of Chainguard Libraries for Python to further strengthen our software supply chain by mitigating the risks posed by unverified dependencies and malware in the Python ecosystem. Securing these workloads plays a key role in ensuring that the MAN-CEON Digital Ecosystem continues to meet the requirements of ISO/IEC 27001:2022 and ABS Cyber Safety Certification.' Chainguard Libraries for Python is now available in early access. For more information, visit About Chainguard Chainguard is the secure foundation for software development and deployment. By providing guarded open source software with Chainguard Containers, VMs, and Libraries, built from source and updated continuously, Chainguard helps organizations eliminate threats in their software supply chains. Its customers include Fortune 500 enterprises and global industry leaders, including Anduril, ANZ Bank, Canva, Hewlett Packard Enterprise, MAN Energy Solutions, Snap Inc., and Snowflake. Chainguard is venture-backed by leading investors, including Amplify, IVP, Kleiner Perkins, Lightspeed Venture Partners, Mantis VC, Redpoint Ventures, Sequoia Capital, and Spark Capital. For more information, visit: View original content to download multimedia: SOURCE Chainguard
