What do you like best about the product?

Using chainguard essentially eliminates container library vulnerabilities coming from our Docker base images (as well as standard package installs!). When we scan our chainguard based images with grype, or snyk, the only vulnerabilities left are from our application installs. We are in the process of implementing chainguard base images across the enterprise, and are expecting over 80% reduction in open vulnerabilities across the board. Chainguard's customer support is excellent, they are one of the best software vendors I have ever worked with.

What do you dislike about the product?

The only real downside is you have to modify your Dockerfiles to work with the Wolfi OS, which is alpine-like (i.e. you have to use apk, etc.) If your current base image is not alpine based, there is some learning curve and work.

What problems is the product solving and how is that benefiting you?

We have a significant backlog of known container vulnerabilities in our containers. Hardening and managing clean base images is a lot of work and takes specialized expertise that our development teams don't have. Changuard provides base images that work out of the box for most of our tech stacks and alleviates the need to manage hardened base images ourselves.