Highlights:
- Chainguard provides packed versions of well-known open-source products that its engineers have converted into container images.
- Chainguard claims that increasing demand has caused its yearly recurring revenue to triple over the last six months. However, it did not provide specific figures.
Chainguard Inc., which offers highly secure versions of open-source software tools, revealed raising USD 61 million in capital.
Leading the Series B round was Spark Capital. Banana Capital, Amplify Partners, Mantis VC, and Sequoia Capital also joined. Now, Chainguard has raised USD 116 million in overall outside funding.
Container images are the building blocks used to create container applications. These software bundles include an application and all the dependencies, or auxiliary programs, needed to function. Such a bundle’s composition and quantity differ substantially between projects.
Chainguard provides prepacked versions of well-known open-source products that its engineers have converted into container images. Programming languages, Redis databases, and various other technologies are included in the company’s image catalog. Compared to the base versions of those open-source tools, Chainguard’s container images have several cybersecurity optimizations implemented by the company.
Components not required for commercial software projects are frequently included in container images. Chainguard claims its images only contain the bare minimum of parts required to run them in production. Cybersecurity gets improved as hackers get fewer opportunities to explore vulnerabilities in a task with less code.
Cryptographically signed components are those that Chainguard does include in its container images. This means that they incorporate a piece of information, or signature, attesting that the code came from a reliable source. Companies can use this technique to ensure hackers haven’t tampered with the open-source components their developers download.
Chainguard creates a software bill of materials, or SBOM, for every container image for extra precaution. This document lists the elements that make up the image and gives technical specifications for each. SMBOMs facilitate the process of identifying vulnerabilities in open-source software for developers.
Every day, Chainguard updates the container images. This guarantees that every image has the most recent upstream version of the open-source tool that forms its foundation, according to the business. Within a day of the upstream version being released, users can download any security patches.
Typically, operating systems—mostly Linux—that serve as the platform for other components to operate on are included in container images. Chainguard includes Wolfi, an internally built Linux version, with its images. The most prominent characteristic of this system is the absence of a kernel, which is an operating system component in charge of controlling the underlying hardware.
For a kernel, Wolfi depends on the container runtime of the environment in which it is installed. Applications, in this case, containerized workloads, are run using a runtime, which is a collection of software components. However, Wolfi has security optimizations that make confirming the integrity of a container image’s source code easier, even when it doesn’t have a kernel.
The business offers Chainguard Enforce, a cloud service, in addition to its container images. The solution, according to the company, assists businesses in making sure the open-source components its engineers use, adhere to cybersecurity regulations. For instance, a company could use Chainguard Enforce to mandate that a cryptographic signature be included in all open-source components.
Dan Lorenc, Co-founder and Chief Executive of Chainguard said, “The future is clear: If you adopt open-source software, you are responsible for securing it. Chainguard is on a mission to be the safe source for open source that every organization building software today can rely on to build right, build safe and build fast.”
Chainguard claims that increasing demand has caused its yearly recurring revenue to triple over the last six months. However, it did not provide specific figures. Hewlett Packard Enterprise Co., Snowflake Inc., and other significant participants in the enterprise technology sector are among the installed base of the organization. Chainguard plans to use its Series B capital round to expand its sales force and expedite feature development projects to increase product adoption.