Chainguard releases native software supply chain security tool for Kurbernetes

Today, security company Chainguard announced its first product, Chainguard Enforce, an open-source supply chain security tool that’s built natively for Kubernetes. 

The solution enables users to define, manage, and distribute security policies across their Kubernetes environments to ensure that only trusted container images are deployed in clusters. 

Chainguard Enforce enables security teams to mitigate supply chain threats in Kubernetes production environments, by giving them more control over what’s allowed and offering more transparency over the code running.  

Securing the supply chain 

Chainguard Enforce’s launch comes as more organizations are becoming increasingly concerned over cyber criminals attacking vulnerabilities in the software supply chain, with research highlight that supply chain attacks grew by over 300% in 2021 compared to 2020. 

These attacks have increased dramatically as attackers have realized organizations are failing to secure infrastructure from third-party suppliers. 

For instance, CrowdStrike found that only 36% of organizations had vetted all new and existing suppliers for security purposes in the last 12 months. 

“Most organizations don’t have a clear picture of what code is running in production, where it came from and how it was built. This problem is compounded with the use of open-source software and the sheer number of dependencies that are intertwined. It’s impossible to decide what code should be trusted or not when the data simply isn’t available to make those decisions,” said Chainguard’s cofounder and CEO Dan Lorenc. 

“Furthermore, organizations spend an exorbitant amount of time after a supply chain attack trying to assess if they’re running the vulnerable software and impacted. Chainguard Enforce provides the integrations, tooling insights, and security-controls that make this problem tractable,” Lorenc said. 

Chainguard Enforce offers managable solutions for security concerns in production environments by increasing transparency over what’s running while giving them the information they need to make evidence-based trust decisions on what should and should not be allowed to run in production. 

The software supply chain security market 

With the SolarWinds breach first highlighting the need for supply chain security two years ago, and more recently the Log4j vulnerability wreaking havoc on enterprises around the world, many security providers have stepped up to address the challenge of securing the supply chain, to compete with Chainguard.  

One such competitor is Synopsys, which offers an application security solution with software composition analysis that can detect open-source vulnerabilities in development and production. Synopsys recently announced that it had generated nearly $1.2 billion in revenue for the fourth quarter of 2021. 

Another competitor is the recently launched Israeli startup, Legit Security, which earlier this year raised $30 million as part of a series A funding round, with a software-as-a-service (SaaS)-based software supply chain protection solution, that can automatically discover pipelines, infrastructure, code, and other software development life cycle (SDLC) assets, so users can identify vulnerabilities throughout their environments. 

While the supply chain security market is in its infancy, Chainguard Enforce is looking to differentiate itself by becoming the definitive supply chain security solution for securing the Kubernetes services that many organizations rely on.