Chainguard hits 500m container manifests with AI boost

Chainguard has surpassed 500 million unique container build manifests as it expands automated production of container images and supporting metadata for open-source software.

The count reflects output from its automated build system, which produces millions of builds each month. The manifests cover initial builds, rebuilds after dependency updates and tooling changes, builds triggered by vulnerabilities, and the generation of software bills of materials and signatures.

The milestone comes as more organisations rely on open source for infrastructure and application development. That growth has increased attention on software supply chain risks and the operational burden of keeping widely used components current when vulnerabilities emerge.

Factory model

Chainguard builds and maintains a catalogue of container images and related packages. It describes the system as a software factory that continuously monitors upstream projects, rebuilds components from source, and publishes updated artefacts as changes occur.

The latest scale-up centres on DriftlessAF, which Chainguard describes as a second generation of its software factory. The framework uses reconciliation bots, including agentic AI-powered bots, to detect drift and take corrective actions in the build pipeline.

"Securing the entire software supply chain requires deep technical prowess and automation," said Dan Lorenc, CEO and co-founder of Chainguard.

"Our software factory continuously rebuilds every open source component that engineering teams rely on directly from source and maintains these components over time. The depth and breadth of our software catalogue means teams that build with Chainguard never have to choose between speed and trust," Lorenc said.

Catalogue scale

Chainguard Containers now spans more than 2,000 projects. It also includes more than 340,000 image versions and 27,000 unique underlying Chainguard OS packages.

The catalogue includes images for widely used components such as Go, Nginx, and Postgres. Chainguard says it provides minimal images with low or zero known vulnerabilities, but did not disclose a standard definition for those terms across the catalogue.

The build-manifest total also includes customer-produced images generated through Chainguard Custom Assembly, positioned as a way for customers to produce their own images using Chainguard's packages and build processes.

Commercial adoption

Nearly 400 organisations use Chainguard Containers. Recent customers include Black Duck, Nelnet, Rocket Lab, and SolarWinds.

Chainguard also highlighted its "Catalogue Pricing" approach, under which it adds new projects and versions across x86_64 and aarch64 architectures at no additional cost for full-catalogue customers. Customers using the catalogue option consume 38 container images on average, compared with those using a per-image option.

One customer, Second Front, framed the full catalogue as a procurement and operational simplifier for teams that need consistent security and compliance controls.

"At Second Front, we make it faster and easier to deliver secure, compliant software to government teams and missions where security is non-negotiable," said Jeff Davis, senior staff platform engineer at Second Front. "Access to Chainguard's full catalogue gives us access to an extensive library of secure, trusted open source images. No surprises, no hoops to jump through, just the freedom to move fast with security and trust built in," Davis said.

Lifecycle controls

Chainguard has introduced end-of-life updates intended to make version support more predictable. It will apply an end-of-life window of up to six months for several widely used applications where upstream support ends immediately upon a new release.

During that grace period, customers retain visibility into version status and continue to receive security updates. The approach aims to reduce disruption for teams that need time to plan upgrades across estates where container images are tightly coupled to deployment and testing processes.

Chainguard has also updated the Helm Charts user experience. Changes include views that map container images to a chart, tabs that display chart versions and metadata, and a way to browse values.yaml files within its console.

Chainguard says it will continue adding new projects and versions, with DriftlessAF taking on more monitoring and rebuild work as the catalogue grows.