Reviews from AWS Marketplace
0 AWS reviews
-
5 star0
-
4 star0
-
3 star0
-
2 star0
-
1 star0
External reviews
External reviews are not included in the AWS star rating for the product.
Spend less time talking about CVEs
What do you like best about the product?
We've all seen a ton of projects that will detect CVEs but then you have the secondary problem of deciding where the CVE originated from (base image or first party code), how to patch or upgrade, when to patch so not to impact customers, who should own the updates, what to tell customers and compliance...
Chainguard Images removes the CVEs -- no debate, no CVSS, no triaging, no work tickets. It's done. Enterprises that appreciate this problem will see an ROI in weeks if not days. Not to mention that enterprise customers get an SLA for patches -- I challenge anyone to do what they are doing internally without spending millions on a team who does this as a full time job.
Then for the orgs that are investing in the software supply chain risks, they provide provenance, signing, and an accurate SBOM out-of-The box to start your journey in managing a secure software supply chain.
Chainguard Images removes the CVEs -- no debate, no CVSS, no triaging, no work tickets. It's done. Enterprises that appreciate this problem will see an ROI in weeks if not days. Not to mention that enterprise customers get an SLA for patches -- I challenge anyone to do what they are doing internally without spending millions on a team who does this as a full time job.
Then for the orgs that are investing in the software supply chain risks, they provide provenance, signing, and an accurate SBOM out-of-The box to start your journey in managing a secure software supply chain.
What do you dislike about the product?
The free offering is (reasonably) only the :latest tag which might be fine for personal projects but not most production environments. I don't know the costs for individuals or small orgs (I'm an enterprise customer) but its not free.
What problems is the product solving and how is that benefiting you?
This solves a major piece of our compliance story. We need to demonstrate to compliance that we are properly managing CVEs that are impacting our customers. It's also planned to rolled out everywhere in our org as part of a Gold Image project.
- Leave a Comment |
- Mark review as helpful
Chainguard’s container images, towards effortless and strong security posture
What do you like best about the product?
I was looking for replacing my base images with more a secure approach (i.e. distroless), Chainguard images were a great fit because easy to use and well maintained. The other aspect is the customer support that the Chainguard team is providing, even with the free container images. As an example, they took my feedback, answered my questions as well as educated around the different concepts.
What do you dislike about the product?
Not yet widely used out there, but it's coming as more awareness and education are provided and shared. I haven't built my own container image with wolfi, melange and apko yet, as I will to spend more time to get started with them.
What problems is the product solving and how is that benefiting you?
Chainguard is helping by default and effortless to improve my security posture with my container images.
Great base images
What do you like best about the product?
There's not much to say, and I mean that in a good way. Their base images are small, and almost always have a significant amount of less surface area and vulnerabilities than containers based on traditional distributions. I like that the build process is on github so you can open up their merge queue and watch the updates go in in real time. It's also great that they can be as small as Alpine images but with glibc so you don't have to worry about dealing with musl.
What do you dislike about the product?
I don't have experience with their commercial support.
What problems is the product solving and how is that benefiting you?
Smaller base images - a drop in replacement for Alpine/Ubuntu.
Critical for SBOM and supply chain security
What do you like best about the product?
Chainguard does the hard work of building secure containers, and ensuring that things are kept up to date. They are experts in the field and provide both a balanced approach with best in class security.
What do you dislike about the product?
Containers are often challenging to adopt, and with many common tools not present (because they have security vulnerabilities), existing tools may not work inside of Chainguard images. That's not Chainguard's fault, it just is an adaptation the entire ecosystem needs to make to get secure.
What problems is the product solving and how is that benefiting you?
Ensuring that the containers we use for our applications are secure, minimal, and well structured.
Provenance Data!
What do you like best about the product?
Their images come with great attestation data that alows us to indepedently verify provnance.
What do you dislike about the product?
Not enough places are using it yet. It would be great of more OSS used it so vuln would be reduced for the OSS we consume.
What problems is the product solving and how is that benefiting you?
It lowers the number of vulnrubiities.
Chainguard is a game changer for your SBOM and security
What do you like best about the product?
Backed in security, hardening and ease of use
What do you dislike about the product?
Pricing model is a tad high but worth it for me
What problems is the product solving and how is that benefiting you?
Hardens our containers, fix CVEs and SBOM.
Small, up-to-date and secure base images
What do you like best about the product?
We've replaced our usage of alpine as a base image with the "wolfi-base" image, it's almost the same experience - using apk to install packages for example - but with an always up-to-date distribution and no CVEs.
The investment is minimal, but the value is huge for us, as we don't have to manage old alpine releases anymore.
The investment is minimal, but the value is huge for us, as we don't have to manage old alpine releases anymore.
What do you dislike about the product?
Not all the chainguard images are drop-in replacements for "official" images you might be using today. Some require a bit of work to integrate properly in your setup.
What problems is the product solving and how is that benefiting you?
easy to use and secure-by-default base images. In case of newly detected vulnerability, we can always count on chainguard to be the first to provide patched images.
Chainguard Images are amazing if you are struggling managing CVE
What do you like best about the product?
Chainguard images are very easy to use. Most of the time they are drop-in replacements. Just a few line changes and most (if not all) the CVE are gone. The impact is super high with minimal effort from user.
What do you dislike about the product?
Building custom packages if easier (melange+apko), can help attracting more users.
What problems is the product solving and how is that benefiting you?
We struggled with managing vulnerabilities in base images. Chainguard images free us from that and focus on app development
Software supply chain starts at the container level!
What do you like best about the product?
Since its inception, Chainguard has been modernizing the software supply chain ecosystem and one of their most critical work, and often thought for granted, is their containers image repository.
In a perfect world, every end-user company, would create container images that are signed (ever heard about Sigstore? Chainguard created it), have a software bill of materials (SBOMs) and are scanned (0 CVEs) before being used in production.
Well, we don't live in such world and Chainguard, instead of playing the role of "use our base images at your own risk", they moved towards the hardest direction and provide us with updated, signed and scanned base images at their own costs!
Want to have the latest node.js image with 0 CVEs? docker/podman/nerdctl pull cgr.dev/chainguard/node. That's that easy. Nothing to implement, change the source repository and you're good to go.
Of course, for production you should never run the latest image and instead target a specific version. This is where their customer support comes into play by helping you customizing the usage of their images to your needs.
Chainguard took ownership of what I call a "grey area", where providers and customers tend to finger point when something goes wrong. And by doing so, with their team of experts, I can confidently say the container ecosystem feels a little bit more secure, and this means a lot.
In a perfect world, every end-user company, would create container images that are signed (ever heard about Sigstore? Chainguard created it), have a software bill of materials (SBOMs) and are scanned (0 CVEs) before being used in production.
Well, we don't live in such world and Chainguard, instead of playing the role of "use our base images at your own risk", they moved towards the hardest direction and provide us with updated, signed and scanned base images at their own costs!
Want to have the latest node.js image with 0 CVEs? docker/podman/nerdctl pull cgr.dev/chainguard/node. That's that easy. Nothing to implement, change the source repository and you're good to go.
Of course, for production you should never run the latest image and instead target a specific version. This is where their customer support comes into play by helping you customizing the usage of their images to your needs.
Chainguard took ownership of what I call a "grey area", where providers and customers tend to finger point when something goes wrong. And by doing so, with their team of experts, I can confidently say the container ecosystem feels a little bit more secure, and this means a lot.
What do you dislike about the product?
Maybe the only downside I can see about Chainguard efforts, is to know if keeping all these 0 CVEs images on the long term will not impact other sections/innovations due to this very demanding workload.
The company seems to grow at a good pace (not too fast or slow), however the security is a daily fight and the ressources can be limited.
I fully trust their solutions, and believe they automated the most of their tasks. Still, it's a lot of efforts for "only one side" of Chainguard's offering.
The company seems to grow at a good pace (not too fast or slow), however the security is a daily fight and the ressources can be limited.
I fully trust their solutions, and believe they automated the most of their tasks. Still, it's a lot of efforts for "only one side" of Chainguard's offering.
What problems is the product solving and how is that benefiting you?
Software supply chain security by providing sane container images. By giving us a "secure start", we can focus on the software development and continue the secure supply chain up to production.
Secure and Efficient Toolbox for Containers
What do you like best about the product?
As a professional deeply engaged in Kubernetes projects, I have found Chainguard's Images and Digestabot to be essential tools in elevating the security and efficiency of my daily tasks. One remarkable feature, from my perspective, is the robust nature of Chainguard's images. Integrating these images with multi-stage builds has enabled me to significantly reduce container sizes, all while guaranteeing the final image's resilience against vulnerabilities.
Furthermore, the seamless integration with Digestabot has revolutionized the way I manage containerized applications, making it a pivotal asset in my work. Digestabot ensures the automatic and up-to-date maintenance of my images, alleviating the need for constant monitoring and manual updates for each component. This automated process has proven to be a valuable time-saving and stress-free element in my professional workflow.
Furthermore, the seamless integration with Digestabot has revolutionized the way I manage containerized applications, making it a pivotal asset in my work. Digestabot ensures the automatic and up-to-date maintenance of my images, alleviating the need for constant monitoring and manual updates for each component. This automated process has proven to be a valuable time-saving and stress-free element in my professional workflow.
What do you dislike about the product?
I have not encountered any dislikes with Chainguard thus far, even utilizing it with frequency. It has been easy to implement, and whenever I needed support, the responses were prompt and helpful.
What problems is the product solving and how is that benefiting you?
By leveraging Chainguard's images, I've been able to mitigate the risks associated with potential vulnerabilities, ensuring a more secure deployment in Kubernetes clusters. Additionally, Chainguard's integration with Digestabot has been instrumental in solving the problem of maintaining up-to-date containers. Digestabot automates the update process, saving me valuable time and effort that would otherwise be spent manually monitoring and updating each component.
showing 21 - 30