 |
VOOZH | about |
|
VOOZH | about |
We’re so glad you’re here. You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game.
Check your inbox for a confirmation email where you can adjust your preferences and even join additional groups.
Follow TNS on your favorite social media networks.
Become a TNS follower on LinkedIn.
Check out the latest featured and trending stories while you wait for your first TNS newsletter.
Chainguard OS is great, but what if you want to customize your own Linux? Now, with the Chainguard OS Package, you can build a safe, secure Linux with the features you want.
Almost every company tweaks the Linux distro they use to get it just right. The problem is, as developer security company Chainguard VP of Engineering Dustin Kirkland told The New Stack on Tuesday at Chainguard Assemble in New York, “Anyone who’s building a derivative distro can only go as fast as their base distro — Debian, Fedora, Alpine — can go,” and that means they can contain Common Vulnerabilities and Exposures (CVE) security holes. Chainguard has a better idea: Chainguard OS Packages.
Built on Chainguard OS, the company’s constantly updated-to-stay-secure distro, Packages enables advanced engineering teams to assemble their own container images, without the grind of tracking and fixing CVEs themselves.
The new Chainguard OS Packages use the same zero‑known‑CVE packages and secure base images that underpin every Chainguard Container. The Packages are all built from source and maintained in the company’s automated Chainguard Factory 2.0. Packages give customers direct access to the underlying components, allowing them to compose images using their own Dockerfiles, Bazel rules, or apko configs.
For users, that means instead of inheriting whatever a generic base includes, your team can explicitly choose the features, dependencies, and upgrade cadence of their production images. At the same time, Chainguard handles rebuilding, CVE remediation, and compliance work in the background. Fast and secure? What’s not to like?
In his keynote speech, Chainguard CEO and co-founder Dan Lorenc said, “Chainguard OS Packages is like receiving a professional meal kit from a Michelin‑starred supplier. It’s for teams that don’t need the finished meal but want control over their recipe and look to us for trusted ingredients. Just as most chefs build a custom dish from trusted ingredients rather than growing every herb in their garden, Chainguard OS enables organizations to build custom container images from trusted packages without managing CVEs themselves. Customers keep full control of the final image while Chainguard handles sourcing and quality.”
This amount of control is needed, Lorenc explains, because with AI, we’re moving from hand tools to power tools to industrialized software supply chains as AI accelerates both development and programming attacks. “We need to move to automated assembly lines, where security and compliance and trust are built in, and we need to do that quickly,” he told attendees. He warns that the traditional model of discovering a CVE, filing a ticket, and patching over 30‑, 60‑ or 90‑day windows “is going to go away quickly.” In short, if you want secure images and distros, you must move at the speed of AI.
Lorenc was blunt: The bottleneck in modern software isn’t generating code anymore; it’s trust. In his keynote, he describes how AI is collapsing exploit development timelines from months to hours. AI’s sheer speed makes it impossible for defenders to rely on manual patch cycles.
“The only way to keep up here is automation and starting with something secure by design,” he convincingly argued that hardened operating systems and automated rebuild pipelines are now table stakes.
So Chainguard argues that as container security programs mature, many organizations outgrow simple base-image swaps and want tight control over exactly what runs in production. Historically, that has meant building and maintaining their own package repositories: watching upstream projects for releases, rebuilding packages, and tracking vulnerabilities. That’s a lot of work.
With Packages, Chainguard says those same teams can get a DIY experience without handling all the heavy lifting. The company delivers more than 30,000 enterprise‑grade packages via a private APK repository, along with select base images, all of which are continuously rebuilt in its Factory pipeline. Each package includes SBOMs generated by Chainguard’s software factory, so you know exactly what you’re building in your custom images.
Sounds good to you? Chainguard OS Packages is available now in beta, with access requests handled through the company’s website.
