Chainguard, the software supply chain security company, has joined the Docker Verified Publisher (DVP) program, marking the official availability of its Chainguard Developer Images on the industry’s most popular container image registry.

Docker Hub has more than 10 million accounts and nearly 500 billion pulls from the Docker community. With this new partnership, Chainguard Developer Images are giving Docker Hub users access to secure, minimal container images for its growing inventory of popular cloud-native and open source projects, including Python, Node, Java and more.

“Development teams are increasingly prioritizing high quality base images as the key starting point for improving their supply chain. The Docker Verified Publisher program is a key part of Docker’s mission to provide a broad range of trusted, high quality content,” said Justin Cormack, CTO, Docker. “We welcome Chainguard to the DVP program, giving more options for a range of minimal, hardened images to developers.”

“Chainguard has built the largest library of open source software that is secure by default,” said Dan Lorenc, CEO and co-founder of Chainguard. “With this partnership, Docker users can now access a trusted resource for secure, hardened, high-quality images, enhancing their ability to meet stringent security standards with confidence.”

Unlocking the benefits of Chainguard Images

Chainguard Developer Images are available for free for a wide variety of open source libraries and languages, offering a low-to-zero CVE commitment that allows developers to focus on building secure applications and provides security teams peace of mind that vulnerabilities are remediated and fixed quickly across the software development lifecycle. The company also provides Chainguard Production Images that meet enterprise requirements for patching Service Level Agreements (SLAs), FIPs-validated images for FedRAMP, and secure AI images.

The partnership between Chainguard and Docker represents a pivotal step forward in both companies’ shared goal of securing the global software supply chain, ensuring that developers have access to the most secure resources and technologies they need to succeed in a rapidly evolving digital landscape.