Chainguard

Agree 👍 or disagree 👎?

“We do these things not because they are easy, but because we thought they’d be easy!” This joke comes to mind every time I hear about someone DIYing FIPS for FedRAMP. 😅 I’ve talked to a good number of impressive, large technology companies that have come to us to help offload the enormous complexity of FIPS compliance, so seeing engineers with this cavalier “how hard could it be attitude” is always a 🤦♂️ moment for me.

😭 Challenge: You're a cloud service provider navigating FedRAMP ATO 🤩 Solution: Chainguard's zero-CVE guarded Images, ft. innovative FIPS validation, STIGs, & a guaranteed CVE patching SLA 🪄 We are THE container image solution that simplifies AND accelerates your #FedRAMP accreditation while saving your team time. 💟 https://lnkd.in/dYVFysGg

We're proud at Chainguard to join GitHub's new Secure Open Source Fund! Funding work to improve the security of open source is a very complicated topic, and it's something I've personally spent a long time working on. There's no one size fits all approach here, and it's much much much harder than just getting large companies to agree to allocate funding. I'm excited to see how this program works in practice - applications for projects are available now! https://lnkd.in/dxBUg4ui #opensource #security #github #cybersecurity

https://lnkd.in/gBb5CDGb

When they say a picture is worth 1000 words, were they talking about this one? 🤔

We're looking for a product manager to own our Chainguard Courses and support our Chainguard Academy (both of which I have contributed to). If that piques your interest, read on here:

It's 10pm, do you know what compiler flags your binaries have been built with? Compilers have advanced dramatically in the last several decades, and many common classes of memory-safety vulnerabilities have been entirely mitigated with modern compilers. Unfortunately, these protections aren't always enabled by default. This can be because compiler authors are worried about breaking backwards compatibility, or because they protection might cause an unintended side effect - typically around performance. Thankfully, our friends at the OpenSSF have put together a detailed guide on what all of these compiler flags mean, along with recommendations for which to set to maximize security of the compiled artifacts. Our team at Chainguard did a detailed audit of all the binaries we distribute, and made sure that we're setting all of these flags *at a minimum* across the board. You can now rest assured that everything you get from Chainguard is taking advantage of the most up to date hardening techniques available in modern compilers. And - our approach to compiler toolchains means you'll get these protections as soon as new compilers come out. No need to wait years for LTS-style distros to update to modern gcc or clang stacks! https://lnkd.in/e9cPAbbp #opensource #compilers #llvm #cybersecurity

Hey you!! Do you want to learn what it takes to build and test and scan 1100+ of the finest container images it's possible to build, dozens of times every day, reproducibly, with SBOMs, signatures, provenance, and more? Do you want to find out with me what it'll take to 10x that number and build them even more often, and faster? We've got some spots open on my team next year. If you're curious, reply or DM me and let's talk.

"Chainguard helps our engineers focus on developing features. Previously, most time was spent trying to mitigate CVEs & our customers were getting new features deployed. Using Chainguard has significantly shifted that paradigm. Developing in the DoD landscape is harder than the private sector & this helps a lot." ~ Enterprise customer in Defense & Space industry 🚀 😊 So grateful for our customers! See what else they have to say on G2: https://lnkd.in/eeVsdCSM