Chainguard Announces New Products and a Free Academy to Help Developers Secure the Software Supply Chain

Wolfi, the first Linux (un)distribution designed with default security measures, and Chainguard Academy, the first interactive education platform dedicated to software supply chain security, enable developers everywhere to ship secure code

KIRKLAND, Wash., Sept. 22, 2022 /PRNewswire/ — chainguardthe first developer platform for supply chain security software, today announced Wolfi, a new community Linux (un)distribution that combines the best aspects of existing container base images with default security measures that will include software signatures powered by Sigstore, provenance, and software bills of material (SBOM). The company today also announced Chainguard Academythe first free, open source and interactive educational platform designed for software supply chain security, and the general availability of Chainguard Enforcethe company’s comprehensive software supply chain risk management platform.

Software supply chain attacks remain a serious threat to all organizations today. The latest IBM 2022 Cost of a Data Breach Report found nearly one-fifth of organizations have been breached due to a software supply chain compromise.

“Attacks are happening at every point along the software supply chain, from the way code gets built, to its deployment, to how it’s run and then packaged and shipped to end users,” said Dan Lorenzo, CEO and Co-Founder of Chainguard. “Because software supply chain security covers the entire development lifecycle, it isn’t like other areas in security where point solutions can solve this complex problem. Chainguard’s secure developer platform is a direct reflection of our mission to make the software supply chain secure by default by helping developers improve software security from source to production.”

in June 2022, Chainguard raised $50 million in a Series A funding round led by Sequoia Capital with participation from Amplify Partners, the Chainsmokers, Mantis VC and LiveOak Venture Partners, among others. Chainguard’s founders are former Googlers that created supply chain security software’s canonical Open Source projects including sigstore and SLSA (pronounced “parsley”).

“We’re seeing a profound cultural shift in the technology sector where the expectation is that security must be embedded in every step of the software development lifecycle,” said Lenny Pruss, General Partner at Amplify Partners. “Chainguard is catalyzing this revolution by providing developers with the only end-to-end security platform that seamlessly integrates into their workflows. This, in turn, gives CISOs the assurance that the software their organizations rely on and deliver to their customers is secure by default .”

Introducing Wolfi, the first community Linux (un)distribution

The ecosystem’s push for software supply chain integrity and transparency has left organizations struggling to build software security measures like signatures, provenance, and SBOMs into legacy systems and existing Linux distributions.

Chainguard’s new Linux (un)distribution and build toolchain, Wolfi, is designed from the ground up to produce container images that meet the requirements of a secure software supply chain.

Wolfi is Chainguard’s latest major contribution in the open source toolchain for supply chain security, which enables the purpose-built Chainguard Images. Chainguard Images are designed with minimal components to help reduce an enterprise’s attack surface and generate SBOMs at the time of development, leaving no errors in the creation process.

Free resources for developers to build secure by default software with Chainguard Academy

Education is one of the biggest barriers to wider adoption of comprehensive and relevant security across the software supply chain. To help close this gap, Chainguard Academy will deliver critical educational resources at no cost to enable developers to get hands-on with software supply chain security tooling and recommended practices.

“The software supply chain will become more secure if we all do our part to make incremental progress towards security improvements,” said Lisa Tagliaferri, Head of Developer Education at Chainguard. “Our hope with Chainguard Academy is to provide the developer community with the resources needed to meet these longer-term and sustainable goals.”

Chainguard Academy builds on the team’s previous educational efforts such as the Securing Your Software Supply Chain with Sigstore course in partnership with the Linux Foundation and edX. Additionally, developers using Chainguard Academy will be able to work with Sigstore and distroless container images right from their browsers through an interactive sandbox terminal.

Chainguard Enforce Enters General Availability

Chainguard Enforce, the company’s comprehensive solution for supply chain risk management software is now generally available. Since the launch of its early access program in April, Chainguard Enforce today is adding new features including “agentless” mode, a re-designed UI with security metrics, SOC2 Type 1 certification, curated security policies and alerting, integrations with CloudEvents, OPA Gatekeeper and Styra, Terraform provider, Vault, and more. With Chainguard Enforce, organizations can focus on delivering software efficiently throughout every step of the software development lifecycle, make real-time policy decisions and access critical metadata for incident management.

For more information or to see the demo of Wolfi and try out the new capabilities in Chainguard Enforce, get in touch with the Chainguard team. Or click here for information on how to get started with Chainguard Academy.

About Chainguard

Chainguard is the first developer platform for supply chain security software, enabling developers everywhere to ship secure software. It is founded by the industry’s leading experts on open source software, security and cloud native development and is backed by Sequoia, Amplify Partners, the Chainsmokers and more. Chainguard’s product portfolio includes Chainguard Enforce, Chainguard Images and Professional Services. Customers range from Fortune 500 companies in banking, fintech, government and infrastructure to startups and SMBs. For more information, please visit: https://www.chainguard.dev/.

Media Contact
Kaylin Trychon
[email protected]
978 490 4036

SOURCE Chainguard

.

Leave a Reply