Chainguard Announces New Products and a Free Academy to Help Developers Secure the Software Supply Chain
Wolfi, the first Linux (un)distribution designed with default security measures, and Chainguard Academy, the first interactive education platform dedicated to software supply chain security, enable developers everywhere to ship secure code
Chainguard, the first developer platform for software supply chain security, announced Wolfi, a new community Linux (un)distribution that combines the best aspects of existing container base images with default security measures that will include software signatures powered by Sigstore, provenance, and software bills of material (SBOM). The company today also announced Chainguard Academy, the first free, open source and interactive educational platform designed for software supply chain security, and the general availability of Chainguard Enforce, the company’s comprehensive software supply chain risk management platform.
Software supply chain attacks remain a serious threat for all organizations today. The latest IBM 2022 Cost of a Data Breach Report found nearly one-fifth of organizations have been breached due to a software supply chain compromise
“Attacks are happening at every point along the software supply chain, from the way code gets built, to its deployment, to how it’s run and then packaged and shipped to end users,” said Dan Lorenc, CEO and Co-Founder of Chainguard. “Because software supply chain security covers the entire development lifecycle, it isn’t like other areas in security where point solutions can solve this complex problem. Chainguard’s secure developer platform is a direct reflection of our mission to make the software supply chain secure by default by helping developers improve software security from source to production.”
In June 2022, Chainguard raised $50 million in a Series A funding round led by Sequoia Capital with participation from Amplify Partners, the Chainsmokers, Mantis VC and LiveOak Venture Partners, among others. Chainguard’s founders are former Googlers that created software supply chain security’s canonical Open Source projects including Sigstore and SLSA (pronounced “salsa”).
“We’re seeing a profound cultural shift in the technology sector where the expectation is that security must be embedded in every step of the software development lifecycle,” said Lenny Pruss, General Partner at Amplify Partners. “Chainguard is catalyzing this revolution by providing developers the only end-to-end security platform that seamlessly integrates into their workflows. This, in turn, gives CISOs the assurance that the software their organizations rely on and deliver to their customers is secure by default.”
The ecosystem’s push for software supply chain integrity and transparency has left organizations struggling to build software security measures like signatures, provenance, and SBOMs into legacy systems and existing Linux distributions.
Chainguard’s new Linux (un)distribution and build toolchain, Wolfi, is designed from the ground up to produce container images that meet the requirements of a secure software supply chain.
Wolfi is Chainguard’s latest major contribution in the open source toolchain for supply chain security, which enables the purpose-built Chainguard Images. Chainguard Images are designed with minimal components to help reduce an enterprise’s attack surface and generate SBOMs at the time of development, leaving no errors in the creation process.
Education is one of the biggest barriers to wider adoption of comprehensive and relevant security across the software supply chain. To help close this gap, Chainguard Academy will deliver critical educational resources at no cost to enable developers to get hands-on with software supply chain security tooling and recommended practices.
“The software supply chain will become more secure if we all do our part to make incremental progress towards security improvements,” said Lisa Tagliaferri, Head of Developer Education at Chainguard. “Our hope with Chainguard Academy is to provide the developer community with the resources needed to meet these longer-term and sustainable goals.”
Chainguard Academy builds on the team’s previous educational efforts such as the Securing Your Software Supply Chain with Sigstore course in partnership with the Linux Foundation and edX. Additionally, developers using Chainguard Academy will be able to work with Sigstore and distroless container images right from their browsers through an interactive sandbox terminal.
Chainguard Enforce, the company’s comprehensive solution for software supply chain risk management is now generally available. Since the launch of its early access program in April, Chainguard Enforce today is adding new features including “agentless” mode, a re-designed UI with security metrics, SOC2 Type 1 certification, curated security policies and alerting, integrations with CloudEvents, OPA Gatekeeper and Styra, Terraform provider, Vault, and more. With Chainguard Enforce, organizations can focus on delivering software efficiently throughout every step of the software development lifecycle, make real-time policy decisions and access critical metadata for incident management.