Chainguard

Achieving FedRAMP compliance can be a challenge. 🏋️ Next week at #Assemble2025, we've put together an all-star panel to talk through FedRAMP's container security requirements, and how to balance compliance and innovation to achieve your goals. 🤩 ☯️ The panel will include Maya Kaczorowski from Oblique, Karan Sondhi from Trellix, Ken McDonald from Checkmarx, and Orion Foeller from Scale AI! 🙌 Sign up before March 25 to attend in-person: https://lnkd.in/e-nbr7fZ

Our defense in depth security strategy is top tier. See how we protected ourselves against CVE-2024-12085 before it was even publicly disclosed with the help of OpenSSF-recommended compiler flags! ⛳️ https://lnkd.in/gZtkiZvM

Just do it ➡️ Just build it Join us in San Francisco for #Assemble2025: https://lnkd.in/eNq5ZRyX

A week from now, on March 25, we'll be taking the stage in San Francisco for #Assemble2025! 🔥📆 Join us in person to hear the all the latest innovations we're making as we build the future of secure software: https://lnkd.in/eNq5ZRyX

Chainguard's defense in depth approach to security is something we're incredibly proud of, and it's kept us safe from several compromises and attacks, including the recent tj-actions/changed-files GitHub incident. 🔏 Learn more in this blog from our CTO, Matt Moore: https://lnkd.in/e7Drtd49

In 2023, over 163 million individuals were impacted by cyberattacks against healthcare organizations. And over the last five years, the number of large-scale breaches impacting healthcare companies has doubled. In direct response to the growing number of healthcare breaches, the U.S. Department of Health and Human Services (HHS) recently proposed significant changes to the HIPAA Security Rule. These changes impose strict SLAs for vulnerability remediation of open source software. CVEs marked as critical or high severity must be addressed within 15 and 30 calendar days, respectively, with annual audits to ensure ongoing compliance. That means CVE remediation isn’t a one time effort, but a continuous and onerous workstream for engineering and security teams. Over time, we expect these updates to continue as HHS looks to guidelines like NIST 800-53 as best practice. This is critical to understand: NIST 800-53 requires zero CVEs overall in container images, as well as FIPS cryptography and STIG hardening to ensure a secure software foundation. To help teams reduce the cost of compliance and manage audit risks, Chainguard builds minimal, zero CVE containers in direct alignment with HIPAA controls. All of our secure-by-design images start at zero CVEs and stay there under our best-in-class SLA for CVE remediation (7 days for critical, 14 days for high, medium, low). Plus, Chainguard Images come with FIPS cryptography, full SBOMs, and OS-level STIGs. Below we compare the average count of CVEs over the last month, in Chainguard’s images vs. open source alternatives.   - Python-FIPs: 0 CVE for CG vs. 186 CVEs for OSS - JDK-FIPs: 0 CVEs for CG vs. 116 CVEs for OSS - Go-FIPS: 1 CVE for CG vs. 105 CVEs for OSS - Node-FIPS: 0 CVEs for CG vs. 174 CVEs for OSS - NGINX-FIPS: 0 CVEs for CG vs. 63 CVEs for OSS Learn more about how Chainguard can simplify your HIPAA compliance journey here => https://lnkd.in/dhJAGKG7 

Happy #PiDay! 🥧 Chainguard is securing the software supπ chain for over 100 customers around the globe. See our vision of a world where security and innovation move in lockstep: https://lnkd.in/emvSECEh

The agenda at #Assemble2025 on March 25 is jam-packed with engaging content from our customers, community, and leaders! 💪👥 Get the details for each of our sessions in this blog: https://lnkd.in/eD8-quTN

Less than two weeks until Assemble! Oz Pearlman is ready for the magic... are you? 🪄 Register today: https://lnkd.in/eNq5ZRyX

Tune in to the #Assemble2025 keynote, live from San Francisco. Be the first to hear from Chainguard’s leadership on our latest innovations as we build the future of secure software development.