Today, the security company announced its first product, Chainguard Enforce, a closed-source supply chain security tool developed natively for.
Users are able to define, manage, and distribute security policies across their Kubernetes environments, ensuring that only trusted container images are seen in clusters.
Chainguard Enforce helps security teams to mitigate in Kubernetes production environments, giving them greater control over what is permitted, and allowing greater transparency in the code running.
Securing the supply chain
Chainguard Enforce's launch comes as organizations are becoming more concerned about cyber criminals targeting vulnerabilities in the software supply chain, with supply chain attacks rising by more than 300% in 2021 compared with 2020.
These incidents have increased dramatically as attackers realized that organizations are failing to provide infrastructure to third-party suppliers.
In the last 12 months, only 36 percent of businesses had done so for security purposes.
Some businesses don't have a clear picture of what code is running in production, where it was founded, and how it was developed. This problem is compounded with the use of open source software and the sheer number of dependencies that are intertwined. It's impossible to determine whether code should be trusted or not when the data is simply not available to make those decisions, said Dan Lorenc.
"Parloughly, organizations spend an excessive amount of time following a supply chain incident trying to determine if they're operating the vulnerable software and impacted. Chainguard Enforce provides the integrations, tooling insights, and security-controls that make this problem tractable," said Lorenc.
Chainguard Enforce aims to address security concerns in production environments by increasing transparency into what is running, while giving teams the information they need to make evidence-based trust decisions about what should and should not be allowed to run in production.
The software supply chain security industry has evolved.
Many security providers have stepped up to address the challenge of securing the supply chain, to compete with Chainguard for the first time a year ago.
One of the companies that have engaged in this business is, which has developed an application security solution with software composition analysis that can detect open source vulnerabilities in development and production. Synopsys recently announced that it had generated $1.152 billion for the fourth quarter of 2021.
Another competitor is the recently launched Israeli business, which raised $30 million as part of a Series A round. It offers SaaS-based software supply chain protection and allows users to instantly discover pipelines, infrastructure, code, and other software development lifecycle assets.
While the supply chain security world is in its jeopardy, Chainguard Enforce is looking to become a certified supply chain security solution for protecting the Kubernetes services that so many organizations depend on.