Chainguard VMs on

Chainguard VMs Overview

Tue, 21 Oct 2025 08:04:00 +0000

Chainguard VMs offer a minimal and verifiable foundation for running ephemeral workloads in cloud and on-prem hypervisor deployments, designed to complement and extend the same secure-by-default philosophy found in Chainguard Containers. With a strong focus on rapid CVE remediation and a small attack surface, Chainguard VMs are purpose-built to service the target workload and include only the packages that are essential for its operation.

Built in the Chainguard Factory, Chainguard VMs benefit from a highly automated, secure-by-design build pipeline that ensures consistent, reproducible artifacts. This streamlined process enables the delivery of VM images that are continuously updated to eliminate known vulnerabilities.

Chainguard VMs Compliance Features

Thu, 20 Nov 2025 08:04:00 +0000

Chainguard VMs provide pre-hardened, audit-ready Linux virtual machine images designed for regulated and high-assurance environments (federal, defense, healthcare, financial services, and suppliers to those sectors). These images combine the following features:

Feature	Description
FIPS 140-3 validated cryptography	NIST CMVP-validated software modules and SP 800-90B compliant entropy, with runtime guardrails blocking non-FIPS crypto.
STIG hardening	Pre-configured to DISA STIG controls, delivered as production-ready images.
CIS benchmark compliance	CIS Level 1 hardened variants, hybrid STIG + CIS baseline.
Secure Boot	Secure Boot enabled by default across AWS, Azure, GCP, and on-prem.
Compliance evidence & reporting	FIPS certificates, OpenSSL docs, Security Content Automation Protocol (SCAP) scan results, and POA&M-ready artifacts.
CVE remediation SLA	7 days for critical CVEs, 14 days for high, medium, and low.

Chainguard FIPS 140-3 validated and hardened VM images serve as ready-to-use replacements for standard operating systems across AWS, Azure, and GCP, allowing organizations to maintain existing infrastructure and workflows while achieving immediate compliance. This guide outlines the compliance features of Chainguard VMs and how they can help reduce engineering toil for your organization.

Overview of The Chainguard Factory

Tue, 15 Jul 2025 08:49:31 +0000

Chainguard Factory is the automated build infrastructure that continuously monitors, builds, and updates thousands of open source projects to deliver containers, libraries, and VMs with a strong security posture and the latest patches. This massive automation system tackles one of the industry’s biggest challenges: keeping software dependencies current at scale while maintaining security and compatibility across the entire open source ecosystem.

Chainguard VMs FAQ

Tue, 21 Oct 2025 08:04:00 +0000

Which platforms and hypervisors are Chainguard VMs available for?

Chainguard VMs are available for AWS (EC2 and ECS/EKS), GCP (Compute Engine), and Azure Compute cloud environments, and also for on-prem solutions based on KVM such as QEmu, VMWare, Nutanix, among others.

Chainguard Factory FAQs

Thu, 17 Jul 2025 08:49:31 +0000

What is the Chainguard Factory?

The Chainguard Factory refers to all the engineering and automation work that goes into building, publishing, and maintaining the software packaged in Chainguard’s products. This includes continuously monitoring, testing, and updating thousands of open source projects that make up Chainguard containers, libraries, and VMs.