Sold by: Chainguard
Deployed on AWS
Chainguard Images are a collection of minimal, hardened container images that are patched and rebuilt daily, and come with low-to-zero known CVEs, SLSA 2 compliance, signatures, and SBOMs.
4.8
Overview
Chainguard Images are a collection of minimal, hardened container images. They only contain what is required to build or run your application, delivering on average a 97.6% reduction in CVEs. Each Chainguard Image is patched and rebuilt daily from source with the latest security fixes and CVE remediations, resulting in low-to-zero known CVEs, verifiable image signatures and attestations, high-quality SBOMs, and SLSA Level 2 - Build compliance.
The Chainguard Images inventory contains images for the most popular base images, including Go, Python, Ruby, PHP, Node, and more; and a selection of common developer tools, applications, data products, and servers.
Chainguard Production Images are available for FIPS compliance, major and minor versions, enterprise SLAs, and customer support. Chainguard offers custom pricing through AWS Marketplace Private Offers.
Chainguard provides custom pricing for customers via Private Offer. Please contact AWS-marketplace@chainguard.dev for more information on our pricing model. Pricing displayed is per Image.
Highlights
- Low-to-zero known CVEs with daily patches and rebuilds
- Full SLSA Build Level 2 provenance, signatures, and SBOMs
- Images with FIPS validation available upon request
Details
Sold by
Categories
Delivery method
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Trust Center
Access real-time vendor security and compliance information through their Trust Center powered by Drata or Vanta. Review certifications and security standards before purchase.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Custom pricing options
Pricing is based on your specific requirements and eligibility. Sign in to view any offers that have been extended to you.
Legal
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Chainguard Images are a collection of minimal, hardened container images that are patched and rebuilt daily, and come with low-to-zero known CVEs, SLSA 2 compliance, signatures, and SBOMs.
Deploy your containerized workloads in a threat-resistant environment by leveraging Chainguard container hosts, backed by our CVE remediation SLA, helping you eliminate developer toil and enabling your team to focus on innovation instead of patching vulnerabilities. These minimal, low-to-zero-CVE container hosts are built entirely from source in Chainguard's SLSA Level 2 infrastructure. These container hosts include only those components required to run as a container host, along with an optimized kernel.
Deploy your containerized workloads in a threat-resistant environment by leveraging Chainguard container hosts, backed by our CVE remediation SLA, helping you eliminate developer toil and enabling your team to focus on innovation instead of patching vulnerabilities. These minimal, low-to-zero-CVE container hosts are built entirely from source in Chainguard's SLSA Level 2 infrastructure. These container hosts include only those components required to run as a container host, along with an optimized kernel.
Deploy your containerized workloads in a threat-resistant environment by leveraging Chainguard container hosts, backed by our CVE remediation SLA, helping you eliminate developer toil and enabling your team to focus on innovation instead of patching vulnerabilities. These minimal, low-to-zero-CVE container hosts are built entirely from source in Chainguard's SLSA Level 2 infrastructure. These container hosts include only those components required to run as a container host, along with an optimized kernel.
Customer reviews
Airlines/Aviation
Fast CVE Remediation and a Clean CLI—Occasional Auth0 Login Hiccups
Reviewed on Jun 18, 2026
Review provided by G2
What do you like best about the product?
The fast CVE remediation requires a minimal images.
The well-thought-out authentication flow for CLI and a simple, but complete interface.
The well-thought-out authentication flow for CLI and a simple, but complete interface.
What do you dislike about the product?
The login flow is generally fine, but from time to time I get a “something went wrong” message on the Auth0 page. It doesn’t happen often, and it’s not a big deal.
What problems is the product solving and how is that benefiting you?
They allow us to lower our CVE count, which is the main advantage of using Chainguard images.
Before, while using public Docker images, we couldn't hit 0 CVE; it was impossible. Chainguard made it possible
Before, while using public Docker images, we couldn't hit 0 CVE; it was impossible. Chainguard made it possible
Adil C.
Exceptional product, team that genuinely partners with you
Reviewed on Jun 17, 2026
Review provided by G2
What do you like best about the product?
Reducing CVEs is obviously important, but even more so are the people who work there and the support they provide. They genuinely care about helping their clients get the most out of their products and services.
What do you dislike about the product?
Honestly, I cant think of anything that I dislike about them.
What problems is the product solving and how is that benefiting you?
Chainguard provides hardened container images that dramatically reduce our CVE exposure. It cuts down the vulnerability noise our team has to triage, letting us focus on shipping product instead of chasing base image issues.
Information Technology and Services
Huge CVE Reduction with Chainguard Images, Plus Excellent UI and Documentation
Reviewed on Jun 15, 2026
Review provided by G2
What do you like best about the product?
The CVE reduction we’ve seen with Chainguard images has been a huge lift for us. The UI offers robust functionality, and it’s well supported by Chainguard’s tooling and integration points. The documentation is excellent, and the team has been amazing—especially Eric and Gem.
What do you dislike about the product?
Generally don't have anything to share around dislikes.
What problems is the product solving and how is that benefiting you?
Improved supply chain security posture, minimized images, etc.
Hospital & Health Care
Well-Engineered, Fast-Updated Secure Container Images with Outstanding Support
Reviewed on Jun 15, 2026
Review provided by G2
What do you like best about the product?
Chainguard container images are very well engineered, well managed, and well supported. The company stays focused on providing meaningful, effective security, and that focus shows in the overall experience.
The images are updated promptly as vulnerabilities are resolved by product owners and communities. For example, I was tracking a particularly high-impact npm vulnerability, and our node/npm images were updated within four hours of the release of the new (remediated) npm version.
Wolfi, as a container-focused Linux distribution, is well planned and well implemented. I especially appreciate the glibc compatibility (in contrast to Alpine).
Chainguard has also done a great job developing tools and information that can be used in automated processes, rather than only being available via a web page.
Overall, I’ve appreciated the depth of knowledge on the technical team. I’ve learned a huge amount and added a significant number of security tools based on my conversations with our technical support team. The product support lead for our company has done an amazing job providing everything possible for us to be successful.
The images are updated promptly as vulnerabilities are resolved by product owners and communities. For example, I was tracking a particularly high-impact npm vulnerability, and our node/npm images were updated within four hours of the release of the new (remediated) npm version.
Wolfi, as a container-focused Linux distribution, is well planned and well implemented. I especially appreciate the glibc compatibility (in contrast to Alpine).
Chainguard has also done a great job developing tools and information that can be used in automated processes, rather than only being available via a web page.
Overall, I’ve appreciated the depth of knowledge on the technical team. I’ve learned a huge amount and added a significant number of security tools based on my conversations with our technical support team. The product support lead for our company has done an amazing job providing everything possible for us to be successful.
What do you dislike about the product?
The most difficult issue I’ve encountered when using the Chainguard container images is the complexity of the web pages for the container products.
My company has a specific need to use only the latest updated version within each supported product major version. Because of that, it was hard to explain to other users which label they should use. For example, I need teams to refer to images by product and major version, e.g., node:24-latest. However, the same image might also be referenced as “node:latest” or “node:24.9,” which created confusion. I ended up developing an internal dashboard to make it clearer which images to use to meet our compliance requirements.
Note: I understand that many other companies might prefer node:latest or a pinned version, so Chainguard needs to provide all the labels to give customers flexibility and choice. In our case, though, that flexibility made it harder for some of our teams to consistently select the correct option for our needs.
My company has a specific need to use only the latest updated version within each supported product major version. Because of that, it was hard to explain to other users which label they should use. For example, I need teams to refer to images by product and major version, e.g., node:24-latest. However, the same image might also be referenced as “node:latest” or “node:24.9,” which created confusion. I ended up developing an internal dashboard to make it clearer which images to use to meet our compliance requirements.
Note: I understand that many other companies might prefer node:latest or a pinned version, so Chainguard needs to provide all the labels to give customers flexibility and choice. In our case, though, that flexibility made it harder for some of our teams to consistently select the correct option for our needs.
What problems is the product solving and how is that benefiting you?
Chainguard provided us with a solution for building containers configured to minimize the attack surface and kept up to date as security patches are released.
Across our teams, we’ve used images based on a range of distributions, including Ubuntu, Debian, Alpine, and others. Chainguard’s Wolfi OS has been more compatible with glibc-based components, and it’s updated much more frequently than the other container options we’ve used. Chainguard’s container images are the gold standard for deploying and maintaining security-focused containers.
Across our teams, we’ve used images based on a range of distributions, including Ubuntu, Debian, Alpine, and others. Chainguard’s Wolfi OS has been more compatible with glibc-based components, and it’s updated much more frequently than the other container options we’ve used. Chainguard’s container images are the gold standard for deploying and maintaining security-focused containers.
Computer Software
Faster way to lower the CVE count with some caveats
Reviewed on Jun 15, 2026
Review provided by G2
What do you like best about the product?
the idea of not having to think about vulnerabilities
and their team support
and their team support
What do you dislike about the product?
UI is slighly clunky, the CLI could be improved
What problems is the product solving and how is that benefiting you?
Keeping the CVE count low really helps us, because it lets us move faster and avoid having to maintain the base images ourselves.