Chainguard offers attested builds

Chainguard framed "Commercial Builds" as a partnership program that packages and maintains vendor software inside Chainguard's hardened build pipeline, and the company named early partners including Azul, Chainloop, Elastic, Expanso, F5 NGINX, GitLab, Grafana Labs, Mattermost, Nirmata, Percona, Smallstep and Tiger Data. (prnewswire.com) The new vendor images are produced in Chainguard’s AI-native “Chainguard Factory,” a continuous rebuild system that the company says has generated more than 500 million container build manifests to date. (prnewswire.com) Chainguard’s public catalog shows 2,206 listed images in its online directory, and the company has previously stated it adds roughly 50–100 new images each month to the catalog. (images.chainguard.dev) (chainguard.dev) Commercial Builds include verifiable build metadata such as SBOMs, Sigstore-backed signatures, and claims of SLSA Level 2 build compliance—features also listed on marketplace product pages for Chainguard Images. (aws.amazon.com) (marketplace.microsoft.com) Several partners are already turning vendor artifacts into hardened images: F5 announced delivering NGINX Plus as Chainguard-hardened containers, and Nirmata announced hardened Kyverno images via the program. (community.f5.com) (nirmata.com) At its Assemble 2026 event Chainguard paired the Commercial Builds reveal with product updates spanning CI/CD workflow integration, OS package rebuilding, AI agent skill packaging, and a new Catalog Starter free tier that lets developers choose five images from the catalog. (chainguard.dev) (prnewswire.com) Chainguard describes the Factory’s automation as driven by agentic reconciliation (DriftlessAF) to support large-scale, repeatable provenance for vendor images—a technical foundation the company positions as enabling signed, attested artifacts at the pace of modern CI. (thenewstack.io) (chainguard.dev)