Chainguard Images
ChainguardReviews from AWS customer
0 AWS reviews
-
5 star0
-
4 star0
-
3 star0
-
2 star0
-
1 star0
External reviews
42 reviews
from
External reviews are not included in the AWS star rating for the product.
Best in the business
What do you like best about the product?
Removes the complexity from dealing with CVEs from the development process, allowing teams to ship high quality software without compromising security or speed.
What do you dislike about the product?
Nothing - they are my go-to recommendation when teams are struggling in the process.
What problems is the product solving and how is that benefiting you?
Chainguard buys down time and complexity in the container security and CVE process, allowing software to rapidly achieve security requirements and deploy into secure environments
Spend less time talking about CVEs
What do you like best about the product?
We've all seen a ton of projects that will detect CVEs but then you have the secondary problem of deciding where the CVE originated from (base image or first party code), how to patch or upgrade, when to patch so not to impact customers, who should own the updates, what to tell customers and compliance...
Chainguard Images removes the CVEs -- no debate, no CVSS, no triaging, no work tickets. It's done. Enterprises that appreciate this problem will see an ROI in weeks if not days. Not to mention that enterprise customers get an SLA for patches -- I challenge anyone to do what they are doing internally without spending millions on a team who does this as a full time job.
Then for the orgs that are investing in the software supply chain risks, they provide provenance, signing, and an accurate SBOM out-of-The box to start your journey in managing a secure software supply chain.
Chainguard Images removes the CVEs -- no debate, no CVSS, no triaging, no work tickets. It's done. Enterprises that appreciate this problem will see an ROI in weeks if not days. Not to mention that enterprise customers get an SLA for patches -- I challenge anyone to do what they are doing internally without spending millions on a team who does this as a full time job.
Then for the orgs that are investing in the software supply chain risks, they provide provenance, signing, and an accurate SBOM out-of-The box to start your journey in managing a secure software supply chain.
What do you dislike about the product?
The free offering is (reasonably) only the :latest tag which might be fine for personal projects but not most production environments. I don't know the costs for individuals or small orgs (I'm an enterprise customer) but its not free.
What problems is the product solving and how is that benefiting you?
This solves a major piece of our compliance story. We need to demonstrate to compliance that we are properly managing CVEs that are impacting our customers. It's also planned to rolled out everywhere in our org as part of a Gold Image project.
Chainguard’s container images, towards effortless and strong security posture
What do you like best about the product?
I was looking for replacing my base images with more a secure approach (i.e. distroless), Chainguard images were a great fit because easy to use and well maintained. The other aspect is the customer support that the Chainguard team is providing, even with the free container images. As an example, they took my feedback, answered my questions as well as educated around the different concepts.
What do you dislike about the product?
Not yet widely used out there, but it's coming as more awareness and education are provided and shared. I haven't built my own container image with wolfi, melange and apko yet, as I will to spend more time to get started with them.
What problems is the product solving and how is that benefiting you?
Chainguard is helping by default and effortless to improve my security posture with my container images.
Great base images
What do you like best about the product?
There's not much to say, and I mean that in a good way. Their base images are small, and almost always have a significant amount of less surface area and vulnerabilities than containers based on traditional distributions. I like that the build process is on github so you can open up their merge queue and watch the updates go in in real time. It's also great that they can be as small as Alpine images but with glibc so you don't have to worry about dealing with musl.
What do you dislike about the product?
I don't have experience with their commercial support.
What problems is the product solving and how is that benefiting you?
Smaller base images - a drop in replacement for Alpine/Ubuntu.
Critical for SBOM and supply chain security
What do you like best about the product?
Chainguard does the hard work of building secure containers, and ensuring that things are kept up to date. They are experts in the field and provide both a balanced approach with best in class security.
What do you dislike about the product?
Containers are often challenging to adopt, and with many common tools not present (because they have security vulnerabilities), existing tools may not work inside of Chainguard images. That's not Chainguard's fault, it just is an adaptation the entire ecosystem needs to make to get secure.
What problems is the product solving and how is that benefiting you?
Ensuring that the containers we use for our applications are secure, minimal, and well structured.
Provenance Data!
What do you like best about the product?
Their images come with great attestation data that alows us to indepedently verify provnance.
What do you dislike about the product?
Not enough places are using it yet. It would be great of more OSS used it so vuln would be reduced for the OSS we consume.
What problems is the product solving and how is that benefiting you?
It lowers the number of vulnrubiities.
Chainguard is a game changer for your SBOM and security
What do you like best about the product?
Backed in security, hardening and ease of use
What do you dislike about the product?
Pricing model is a tad high but worth it for me
What problems is the product solving and how is that benefiting you?
Hardens our containers, fix CVEs and SBOM.
Small, up-to-date and secure base images
What do you like best about the product?
We've replaced our usage of alpine as a base image with the "wolfi-base" image, it's almost the same experience - using apk to install packages for example - but with an always up-to-date distribution and no CVEs.
The investment is minimal, but the value is huge for us, as we don't have to manage old alpine releases anymore.
The investment is minimal, but the value is huge for us, as we don't have to manage old alpine releases anymore.
What do you dislike about the product?
Not all the chainguard images are drop-in replacements for "official" images you might be using today. Some require a bit of work to integrate properly in your setup.
What problems is the product solving and how is that benefiting you?
easy to use and secure-by-default base images. In case of newly detected vulnerability, we can always count on chainguard to be the first to provide patched images.
Chainguard Images are amazing if you are struggling managing CVE
What do you like best about the product?
Chainguard images are very easy to use. Most of the time they are drop-in replacements. Just a few line changes and most (if not all) the CVE are gone. The impact is super high with minimal effort from user.
What do you dislike about the product?
Building custom packages if easier (melange+apko), can help attracting more users.
What problems is the product solving and how is that benefiting you?
We struggled with managing vulnerabilities in base images. Chainguard images free us from that and focus on app development
Software supply chain starts at the container level!
What do you like best about the product?
Since its inception, Chainguard has been modernizing the software supply chain ecosystem and one of their most critical work, and often thought for granted, is their containers image repository.
In a perfect world, every end-user company, would create container images that are signed (ever heard about Sigstore? Chainguard created it), have a software bill of materials (SBOMs) and are scanned (0 CVEs) before being used in production.
Well, we don't live in such world and Chainguard, instead of playing the role of "use our base images at your own risk", they moved towards the hardest direction and provide us with updated, signed and scanned base images at their own costs!
Want to have the latest node.js image with 0 CVEs? docker/podman/nerdctl pull cgr.dev/chainguard/node. That's that easy. Nothing to implement, change the source repository and you're good to go.
Of course, for production you should never run the latest image and instead target a specific version. This is where their customer support comes into play by helping you customizing the usage of their images to your needs.
Chainguard took ownership of what I call a "grey area", where providers and customers tend to finger point when something goes wrong. And by doing so, with their team of experts, I can confidently say the container ecosystem feels a little bit more secure, and this means a lot.
In a perfect world, every end-user company, would create container images that are signed (ever heard about Sigstore? Chainguard created it), have a software bill of materials (SBOMs) and are scanned (0 CVEs) before being used in production.
Well, we don't live in such world and Chainguard, instead of playing the role of "use our base images at your own risk", they moved towards the hardest direction and provide us with updated, signed and scanned base images at their own costs!
Want to have the latest node.js image with 0 CVEs? docker/podman/nerdctl pull cgr.dev/chainguard/node. That's that easy. Nothing to implement, change the source repository and you're good to go.
Of course, for production you should never run the latest image and instead target a specific version. This is where their customer support comes into play by helping you customizing the usage of their images to your needs.
Chainguard took ownership of what I call a "grey area", where providers and customers tend to finger point when something goes wrong. And by doing so, with their team of experts, I can confidently say the container ecosystem feels a little bit more secure, and this means a lot.
What do you dislike about the product?
Maybe the only downside I can see about Chainguard efforts, is to know if keeping all these 0 CVEs images on the long term will not impact other sections/innovations due to this very demanding workload.
The company seems to grow at a good pace (not too fast or slow), however the security is a daily fight and the ressources can be limited.
I fully trust their solutions, and believe they automated the most of their tasks. Still, it's a lot of efforts for "only one side" of Chainguard's offering.
The company seems to grow at a good pace (not too fast or slow), however the security is a daily fight and the ressources can be limited.
I fully trust their solutions, and believe they automated the most of their tasks. Still, it's a lot of efforts for "only one side" of Chainguard's offering.
What problems is the product solving and how is that benefiting you?
Software supply chain security by providing sane container images. By giving us a "secure start", we can focus on the software development and continue the secure supply chain up to production.
showing 31 - 40