Open-source software has risen dramatically in popularity, driving a completely new approach to building, and therefore securing, applications. While the use of open-source software has increased speed-to-market for innovation, it’s also made vulnerability management and patching more complex. Today, we’re excited to announce our partnership with Chainguard to unify how enterprises secure cloud native applications from cloud to build to code.
A brief introduction to Chainguard, Chainguard OS, and distroless container images
Chainguard is the safe alternative to traditional open-source software, with a demonstrated 97.6% reduction in CVEs compared to OSS equivalents. Chainguard delivers purpose-built distroless container base and app images with zero CVEs, as well as minimal, zero-CVE virtual machine images built entirely from source, and malware-resistent Java and Python libraries to keep developers focused on shipping instead of curating and maintaining packages.
Chainguard builds distroless container images that are minimal, only containing the essential runtime components—no shell or package manager. This significantly reduces the attack surface and makes containers inherently more secure, while also decreasing image sizes and improving performance. These “standard” container images are paired with -dev variants (that are themselves production ready as well), with the shells and package managers developers often rely on when building their software, allowing teams to build and deploy on the same trusted foundation.
To facilitate the development of Chainguard Containers, Chainguard built Wolfi, a bootstrapped open source Linux distribution and its commercial version Chainguard OS designed for the cloud-native era. Chainguard OS is designed specifically for continuous updates, rapid security patching, and minimal package sets. This approach enables faster vulnerability remediation and smaller image sizes.
Focus on the CVEs that matter with Orca and Chainguard
The Orca Platform provides comprehensive visibility into every layer of your cloud estate including cloud configurations, container images, the Kubernetes control plane, open-source packages, and code repos. This visibility now includes images distributed by Chainguard OS, including Chainguard Containers, ultimately providing a unified view into your software supply chain.
Orca scans these images and their installed packages for vulnerabilities, then checks these findings against Chainguard Security Advisories to eliminate false positives and help vulnerability management teams focus remediation efforts on the most impactful issues.
Together, Chainguard and Orca ensure your cloud native apps are secure, from cloud to build to code.
About the Orca Cloud Security Platform
Orca offers a unified and comprehensive cloud security platform that identifies, prioritizes, and remediates security risks and compliance issues across AWS, Azure, Google Cloud, Oracle Cloud, Alibaba Cloud, and Kubernetes. The Orca Cloud Security Platform leverages Orca’s patented SideScanning™ technology to provide complete coverage and comprehensive risk detection.
Learn More
Interested in discovering the benefits of the Orca Platform and how it can be integrated with tools like Chainguard? Schedule a personalized 1:1 demo, and we’ll show how you can use Orca to identify, prioritize, and remediate risks in your cloud environment. If you already use both Orca and Akamai, follow the steps in the documentation to set up the integration.
