Key Takeaways from Chainguard Assemble 2025

Earlier this week, over 300 people came together in San Francisco for Chainguard Assemble 2025, our inaugural conference for security and engineering professionals. This event was a key moment for us and our customers as we build towards a future of secure software development—with new product announcements and partnerships to build software better.

If you were unable to attend in person, don’t worry! You can view the keynote recording—where you’ll hear all of the day’s announcements—above, and on our YouTube channel. We will also be uploading recordings of select breakout sessions and lightning talks to YouTube in the coming weeks. Across the event, we saw a clear theme: building in security from the start can enhance innovation.

The importance of software supply chain security has only become more apparent over the past several years. In the World Economic Forum’s Global Cybersecurity Outlook for 2025, over 54% of large organizations identified supply chain challenges as the biggest barrier to achieving cyber resilience. Utilizing open source software in a secure way within the supply chain is a challenge organizations are working to conquer across every industry. With Chainguard Containers, and our new products, Chainguard Libraries and Chainguard VMs, we are making that much easier.

Delivering the constant iteration and security improvements of open source software is the ethos of what we do at Chainguard. Powering our products is our distro Chainguard OS, which goes beyond the downstream maintainers to enable the highest possible security, performance, and efficiency for our customers. Those principles—and our drive to be the secure foundation for open source software—led us to Assemble, and to our next generation of products and partnerships.

Chainguard Libraries

Announced during the Assemble keynote, Chainguard Libraries is a catalog of guarded Java dependencies, built entirely from source within Chainguard’s SLSA-certified infrastructure. Designed for seamless and secure enterprise adoption, Chainguard Libraries takes a different approach from traditional public package registries, which offer minimal scrutiny of hosted artifacts.

With Chainguard Libraries, organizations gain a single, standardized source for developers to consume language libraries securely, without compromising supply chain integrity. It streamlines package curation, integrates smoothly into existing developer workflows, and reduces operational overhead. By securing the build and distribution stages of the library lifecycle, Chainguard Libraries helps enterprises accelerate development while maintaining the highest security standards.

Chainguard Libraries is now available in Beta. You can learn more about the new product line in this blog and you can check out our documentation here. If you are interested in trying it out, please get in touch.

Chainguard VMs

Also announced during the Assemble keynote, Chainguard VMs is a catalog of guarded, minimal, zero-CVE container host images. Purpose-built for modern, ephemeral cloud workloads, Chainguard VMs stand in sharp contrast to the traditional, general-purpose VMs and operating systems that currently dominate the container host market.

Built entirely from source within SLSA-certified infrastructure, Chainguard VMs contain only the essential components needed to function as a container host, along with a cloud-optimized kernel. This minimal approach reduces the virtual machine’s attack surface, enhancing both security and efficiency without sacrificing performance. Like Containers and Libraries, Chainguard VMs are powered by the Chainguard OS and Software Factory, enabling complete control over the software supply chain. This allows Chainguard to continuously rebuild VM images in response to security updates and provide industry-leading remediation SLAs for CVEs. By minimizing the burden of golden image maintenance, Chainguard VMs offer enterprises a secure, standardized foundation for integrating open-source components.

Chainguard VMs is in Early Access, and we are looking for interested design partners who want to shape the future of the product with our engineering, product, and design teams. Discover more about Chainguard VMs, and reach out if you are interested in participating in Early Access.

New Partnership: Chainguard and Datadog

Chainguard and Datadog announced a new partnership at Assemble. Together, Chainguard and Datadog will combine container observability with clear, prioritized actions to help engineering and security teams eliminate CVEs and improve software development velocity. Our new integration is surfaced through a Chainguard dashboard in Datadog, where customers can gain real-time insights into container risks, receive clear remediation recommendations, and seamlessly transition to more secure alternatives — improving performance while reducing security threats.

The dashboard will be available to all Datadog customers, offering a holistic view of existing container infrastructure and associated CVE risks, including:

• Containers built using Chainguard images

• Longest running container images

• Vulnerabilities in most widely-used images

• Chainguard alternatives for insecure container images

Learn more about our partnership with Datadog and how it works.

The Time is Now

Throughout all the sessions, keynotes, and lightning talks, it was apparent how excited everyone is about transforming secure software development and building a better future. We’ve outlined this vision before, but it goes beyond Chainguard. Companies across the globe are recognizing the need to improve the way software is consumed and built.

The sessions at Assemble ran the gamut of security and development topics—from workshops on advanced container security and debugging to philosophical discussions on the way software is built and maintained. There were also lots of moments of fun with our mascot Linky, and a resonant closing keynote featuring mentalist Oz Pearlman alongside our first ever Guardian Awards.

We’re thankful for everyone who has supported us on this journey thus far, and for everyone who showed up in person at Assemble to let us know how much they believe in a better future of secure software development. See how we can help you build software better at your organization today!