Terms & Policies
Learn more about Chainguard policies and our legal documents.
Chainguard Images Deployment Implementation with SecondFront
Services Objective and Overview
Chainguard Images are low-to-no CVE minimal, hardened container images. Chainguard Images are secure by design with SBOMs, signatures, and SLSA provenance, and are rapidly updated with security patches to reduce your attack surface and provide the foundation for secure and efficient application development at your organization.
As part of this service, SecondFront (“2F”) along with Chainguard’s Professional Service team will partner with the Customer to deploy, validate and test the images, and train the Customer on how to deploy refreshed images.
This Chainguard Service Brief for the Deployment Implementation Services (the “Service Brief”) effective as of the Effective Date of the Order Form (the “Service Brief Effective Date”) described the scope of work to be provided to the customer identified in the Order Form (“Customer”) by Chainguard, Inc. (“Chainguard”) in connection with SecondFront and is governed by the terms of the Master Services Agreement, unless there is a separate primary agreement by and between Customer and Chainguard (the “Governing Agreement”) which shall govern. Each of Chainguard, SecondFront, and Customer are sometimes referred to herein individually as a “Party” and collectively as the “Parties”.
1. Scope of Services
a. Description of In-Scope Implementation Services
During the Service Brief Term (defined below), Chainguard and SecondFront will perform the services detailed below (the “Implementation Services”) to deploy up to five (5) Images, provided, however, that Customer satisfies its responsibilities and assumptions as further detailed in Section 4 of this Service Brief. The Party providing the various Implementation Service(s) is identified in the “Responsibility” column below. In the event Customer is requesting Implementation Services for more than five (5) images, any additional images after five (5) will require an additional purchase of Implementation Services subject to Chainguard’s current offering and as set forth in the Order Form. Customer acknowledges and agrees that the scope of Implementation Services is explicitly limited to the Implementation Services and each of the corresponding stages in the Implementation Timeline (each, a “Milestone,” and collectively, the “Milestones”) detailed in Section 3 of this Service Brief, and that all other configuration, ongoing support, or consulting services are outside the scope of this Service Brief. Further, this Service Brief is not intended to add or modify any terms of the Governing Agreement or the applicable Order Form.
| Responsibility | Implementation Service | Description |
|---|---|---|
| 2F | Kickoff | Schedule and conduct the Kickoff for project and implementation proceedings |
| Image Registry Configuration | Create and configure the Customer’s private Chainguard Image registry instance (“repo”) | |
| Image Synchronization | Ensure (up to five) Chainguard Images identified in the contract are synchronized into the repo | |
| Access | Grant appropriate access to the repo for Customer personnel and systems | |
| G2 | Education and Enablement |
Train and enable the Customer:
|
| Validation | Validate, test, and ensure all contractually purchased Chainguard Images successfully meet acceptance criteria | |
| Support | Orient and instruct on the designated support communication channels (i.e. Zendesk Support and Slack) |
b. Out-Of-Scope
Customer acknowledges and agrees that the scope of Implementation Services is explicitly limited to the Implementation Services detailed in this Service Brief, and that all other configuration, ongoing support, or consulting services, including, without limitation, the following items, are outside the scope of this Service Brief.
2. Implementation Timeline
The “Service Brief Term'' commences as of the Service Brief Effective Date and shall conclude thirty days from such date ( the “Service Brief Expiration Date”). During the thirty day implementation, Customer may request that the Parties will have one meeting each week, up to 4 weeks, with each meeting lasting no longer than thirty (30) minutes.
Customer acknowledges and agrees that Chainguard’s ability to perform the Implementation Services during the Service Brief Term depends upon Customer’s timely cooperation and collaborative participation at all times.
3. Project Team
Five (5) business days following the Service Brief Effective Date, Chainguard will staff an implementation team with the skills and experience required to successfully complete the Implementation Services (the “Project Team”). The Project Team shall be experienced in deploying the Implementation Services. The resources assigned to perform the Implementation Services will remain assigned to the Implementation until the Service Brief Expiration Date, but are not dedicated full-time to Customer’s Implementation. Chainguard reserves the right to replace, remove or add members of the Project Team as it deems reasonably necessary. Should this occur, Chainguard will coordinate with Customer to minimize the impact.
4. Customer Responsibilities & Implementation Assumptions
Chainguard’s performance of the Implementation Services is contingent on certain Customer responsibilities and Implementation assumptions set forth below. Customer acknowledges and agrees that timely completion of the Implementation is based upon Customer’s compliance with each of the following:
Customer understands that Chainguard’s ability to perform the Implementation Services during the Service Brief Term depends upon Customer’s timely cooperation and collaborative participation with Chainguard.
Customer will ensure that the appropriate resources (including, without limitation, the necessary business stakeholders, subject matter experts, and/or IT personnel for functional requirements gathering and implementation) attend and participate in all meetings, working sessions, training, and testing.
Customer is responsible for any organizational change management activities to support the Implementation.
Customer is responsible for the performance of its employees and agents, including any contribution they make to the Implementation, and for the accuracy and completeness of all data, information, and materials provided to Chainguard.
The Implementation Services may include advice and recommendations, but Customer understands that all decisions in connection with the implementation of such advice and recommendations will be the responsibility of, and made by, Customer.
Any materials shared by Chainguard that Chainguard makes available to similarly situated customers (by way of example only, training materials, Help Center articles, etc.) are for illustrative purposes only, and Customer is solely responsible for the use, performance, maintenance, and risks associated with such materials.
A delay impacting the Implementation caused by any third-party vendor providing services or products to Customer will be considered Customer’s responsibility.
Customer will obtain, at its own cost and expense, all third-party software, licenses, warranties, required hardware, and maintenance agreements.
Customer is responsible for overall project management, template rationalization, business process design, testing, end user training, change management, and any integration build not explicitly listed or defined in this Service Brief.
Customer understands that during the Implementation Services, Workflows are defined as below:
The Implementation Services will be provided remotely via videoconferencing and in English.
5. Implementation Services Fee
The fee for the Implementation Services shall be set forth in the Order Form (the “Fee”). In the event of a material change in scope that impacts the Fee and/or the Service Brief Term, the Parties shall execute a change order.
6. Order of Precedence
In the event of any conflict between the terms of this Service Brief, the Governing Agreement, and the applicable Order Form, the following order of precedence shall govern: (i) first, this Service Brief (only with respect to the subject matter of this Service Brief); (ii) second, the Governing Agreement; and (iii) third, the applicable Order Form (unless the Special Contractual Terms section of the applicable Order Form clearly specifies that it modifies the Governing Agreement or this Service Brief, as the case may be).