Chainguard and vendors roll out automated secure-build tools

Chainguard Actions — a secure‑by‑default library of CI/CD workflows for developers and AI coding agents — was announced at Assemble on March 17, 2026. (prnewswire.com) Chainguard OS Packages delivers enterprise‑grade, zero‑known‑CVE packages and base images built from source and continuously maintained in Chainguard’s Factory. (chainguard.dev) Chainguard says its package ecosystem exceeds 30,000 enterprise packages and each artifact is published with SBOMs and provenance. (thenewstack.io) Catalog Starter, launched at Assemble, gives developers free immediate access to five trusted, continuously‑rebuilt Chainguard container images to kickstart projects. (chainguard.dev) Chainguard Commercial Builds is a new partner program to produce hardened, verifiable container images for commercial software; early partners named include GitLab, Elastic, F5 NGINX, Grafana Labs, Azul, Chainloop and others. (prnewswire.com) The Commercial Builds initiative packages vendor software with Chainguard’s secure‑by‑default Factory guarantees including provenance and predictable security outcomes. (chainguard.dev) Chainguard’s Factory 2.0, rebuilt around the open‑source DriftlessAF agentic reconciliation framework, has produced more than 500 million unique container build manifests to date. (prnewswire.com) Chainguard Agent Skills launches a continuously maintained catalog of hardened AI agent skills (ingesting popular skill repos) with full audit trails and automated hardening. (chainguard.dev) The company also introduced the Guardener — an AI agent to migrate legacy Dockerfiles to low‑to‑zero‑CVE images — and Chainguard Repository, which unifies access to Containers, Libraries, OS Packages, Agent Skills, Actions and VMs while enforcing automated compliance policies. (morningstar.com)