
Minimal, zero-CVE virtual machine images purpose-built for secure, cloud-native container hosts with continuous updates and multi-cloud support.
Vendor: Chainguard


Chainguard VMs provide minimal, purpose-built virtual machine images designed specifically to host containers securely in ephemeral cloud environments. These VMs are rebuilt daily from source to ensure zero known vulnerabilities (zero-CVE) and come with a best-in-class remediation SLA. They reduce engineering overhead by eliminating the need for constant CVE triage and patching, simplify compliance with security frameworks, and enable continuous delivery of updates without disruptive upgrades. Chainguard VMs are optimized for multi-cloud deployment and can be customized to meet specific organizational requirements without additional maintenance burdens.
Key Features
Minimal, Zero-CVE Container Hosts
Virtual machines include only essential components to run container hosts, shrinking the attack surface without sacrificing performance.
- Purpose-built for ephemeral, cloud-native workloads
- Zero known vulnerabilities guaranteed through continuous rebuilds
Continuous Rebuilds and Automated Updates
VM images are rebuilt from source daily, ensuring timely inclusion of security patches and software upgrades.
- SLA of 7 days for critical CVEs, 14 days for others
- Eliminates need for costly, large-scale software migrations
Simplified Continuous Compliance
Designed to meet stringent compliance frameworks like FedRAMP, PCI DSS, and HIPAA by default.
- Zero-CVE hosts accelerate audit readiness
- Reduces compliance complexity and risk
Multi-Cloud Standardization
Standardized container host images optimized for major cloud providers and managed Kubernetes services.
- One-click deployment support for AWS, Google Cloud, Azure
- Cloud-agnostic with end-to-end software component integrity
Customizable and Extensible
Organizations can tailor Chainguard VMs to their specific container host requirements without increasing maintenance overhead.
- Flexible configurations without compromising security
- Supports integration into existing infrastructure
End-to-End Integrity and Provenance
Full transparency on open source components included in the VM images, backed by open attestations and supply chain security.
- Built in SLSA-certified infrastructure
- Eliminates vulnerabilities rather than just identifying them
Benefits
Reduced Engineering Overhead
Minimizes time and resources spent on vulnerability management and patching, allowing teams to focus on product innovation.
- Frees engineers from CVE triage and remediation tasks
- Reduces operational complexity and toil
Enhanced Security Posture
Provides a secure foundation with minimal attack surface and zero known vulnerabilities, improving overall risk management.
- Protects container hosts from supply chain attacks
- Continuously updated to address emerging threats
Accelerated Compliance and Audit Readiness
Simplifies adherence to regulatory requirements by providing hardened, zero-CVE environments out of the box.
- Speeds up audit processes
- Lowers compliance costs and risks
Seamless Cloud-Native Integration
Enables consistent, secure container host deployment across multiple cloud environments, supporting modern ephemeral workload patterns.
- Supports both self-managed and managed Kubernetes setups
- Facilitates cloud migration and multi-cloud strategies