What to Expect at Chainguard Assemble 2025

The growth we’ve experienced at Chainguard over the past year has been astounding. Over 100 organizations have enlisted Chainguard for their container images, allowing them to build better software and increase security. And we’ve built over 1,000 container images from across the open source ecosystem that are tailor-made for our customers’ various needs and use cases.

Chainguard Assemble is our new annual event to bring together the security and engineering leaders as Chainguard builds the future of secure software development.

At our inaugural event, we’ll make several major announcements across product, engineering, and security. These announcements build toward our commitment to a future where security and innovation move in lockstep. This vision will be shared in greater detail by Chainguard’s founders, customers, and leadership throughout the event.

Assemble will be in-person on March 25 at Convene in San Francisco. This blog will preview all the major agenda items we’ll cover at the event. Register today and come meet us in real life!

Sessions at Chainguard Assemble 2025

Opening Keynote – 9:00-10:00 a.m. PT

Dan Lorenc, CEO, Co-Founder; Matt Moore, CTO, Co-Founder; Kim Lewandowski, CPO, Co-Founder

The opening keynote at Assemble will feature three of Chainguard’s founders. They will talk through the history of Chainguard and why the problems we are solving at Chainguard matter, and they will make several key product and innovation announcements. This session will be live-streamed on Chainguard’s LinkedIn for anyone unable to attend the event in person.

Chainguard Product Deep Dive – 10:15-11:00 a.m.

Julian Dunn, Senior Director, Product Management; Dan Fernandez, Staff Product Manager; Mark Baker, Principal Product Manager; Sourabh Katti, Senior Product Manager; Tony Camp, Staff Product Manager 

Immediately following the opening keynote, the “Chainguard Product Deep Dive” will offer attendees a chance to learn more about Chainguard’s product announcements. This will include demos, explanations, and direct access to the Chainguard product team for an open Q&A.

The Old, the New, and the Strange: Securing Deep Learning – 10:15-11:00 a.m.

Patrick Smyth, Staff Developer Relations Engineer

Artificial intelligence (AI) and deep learning are hot topics in software development, and it is important to consider the security implications of the technologies involved. In “The Old, the New, and the Strange: Securing Deep Learning”, Chainguard Staff Developer Relations Engineer Patrick Smyth will look at security threats in deep learning such as data poisoning, input manipulation, and model inversion. This session will break down the common approaches to security in deep learning and where innovation is needed (and has already occurred).

DoD Data Program Case Study: Enhancing Security and Efficiency – 11:15 a.m. - 12:00 p.m.

Dylan Shepard, Lead Engineer, Booz Allen Hamilton

This session from Chainguard customer Booz Allen Hamilton is a detailed case study on how the Department of Defense (DoD) utilized Chainguard's secure container images to enhance the security and efficiency of a major data program. Learn about the initial challenges they faced that drove the selection of Chainguard, and find out why it was important to modernize the platform to achieve growth and scale, manage vulnerabilities, and ensure compliance with stringent security standards.

Inside Chainguard's Factory – 11:15 a.m. - 12:00 p.m.

Dustin Kirkland, VP of Engineering

Chainguard is different. We built a new distro, designed from the ground up for continuous nano-updates rather than big releases. We built a factory that is among the fastest in the world at building from source and patching deeply into dependencies. Learn how it works and why we think nothing less will solve software supply chain security. Join this session to understand how Chainguard builds guarded open source software that dramatically accelerates and streamlines the standardization of open source usage within an organization.

ATO or Bust: Mastering the Technical Requirements for FedRAMP – 1:40-2:25 p.m.

Ken McDonald, Distinguished Software Architect, Checkmarx; Orion Foeller, Lead, Public Sector Infrastructure & Security Engineering, Scale AI; Karan Sondhi, VP, Chief Technology Officer - Global Public Sector, Trellix; Maya Kaczorowski, CEO, Oblique; Aaditya Jain, Sr. Product Marketing Manager, Chainguard

This session will feature a panel discussion on FedRAMP and all its technical requirements. Experts from across industries will discuss balancing the continuous delivery of new features, managing incidents and bugs, and navigating increasingly complex deployment models—often with limited bandwidth to address the growing list of security and compliance requirements. The panel will cover the unexpected twists and turns of compliance in a containerized environment and how Chainguard is the fastest, trusted way to get your ATO.

Seamless Migration to Chainguard: A Maturity-Based Approach to Secure Container Adoption – 1:40-2:25 p.m.

Jaime Mickelson, Director, Professional Services; Gem Wang, Principal Customer Success Manager

Migrating to a new distro might seem daunting, but with Chainguard, it doesn’t have to be. In this session, Chainguard experts will walk you through our structured migration approach tailored to your organization’s level of container maturity. Whether you’re just starting with secure container adoption or operating at an advanced level of automation, we’ve developed proven migration patterns that make the transition smooth and predictable. You’ll learn how our container images, built on widely used open-source components, integrate seamlessly into existing workflows, reducing friction and accelerating adoption.

Confluent's Journey to Distroless: Pitfalls and Lessons Learned – 2:35-3:20 p.m.

Luke Young, Principal Security Engineer, Confluent

Confluent Cloud is a data streaming platform built on thousands of Kubernetes clusters across AWS, Azure & GCP covering over 90 regions. Within those Kubernetes clusters, Confluent runs hundreds of unique services/images. This session shares Confluent’s journey of migrating those services to distroless images, highlighting the obstacles and lessons learned along the way. Confluent will discuss practical on the ground advice for companies starting their own distroless migration and how to make it a success for your security team and your developers.

Closing Keynote and Customer Awards – 3:50-5:00 p.m.

Oz Pearlman, Mentalist

In the Closing Keynote, Chainguard President Ryan Carlson will emcee a lively session featuring a performance from world-renowned mentalist Oz Pearlman and Chainguard’s first ever Guardian Awards, honoring our innovative and forward-looking customers.

Workshops at Chainguard Assemble 2025

Creating Secure Minimal Containers with the Chainguard Static Images – 10:15-11:00 a.m.

Adrian Mouat, Staff Developer Relations Engineer

During this hands-on workshop, we will build images from scratch that have low-to-zero CVEs and are much smaller than standard container images. This hands-on session will be focused on producing images for compiled languages that can produce static binaries, such as Go, Rust and C.

Debugging with Chainguard Images – 11:15 a.m. - 12:00 p.m.

Adrian Mouat, Staff Developer Relations Engineer

Having minimal images with no shell or package manager is great for security but can be tricky when trying to investigate issues with deployment. In this hands-on workshop, we'll walk through various options and techniques for debugging Chainguard Images for a widely applicable set of applications.

Docker 102: Advanced Container Security – 1:40-3:20 p.m.

Eric Smalling, Principal Solutions Architect

This workshop is for those looking to deepen their expertise in container security, image optimization, and advanced Docker techniques. You'll explore how Chainguard Images are built, maintained, and updated to achieve a zero-CVE goal. We’ll focus on security, reproducibility, and supply chain integrity, which are fundamental principles for Chainguard. The session will go beyond 101 basics, covering advanced image construction, container optimization strategies, and secure ways to modify distroless images for your specific requirements. Participants will gain hands-on experience with real-world tools and techniques for building scalable, production-ready containers.

Migrating Applications with Dependencies to a Minimal Distroless Base – 2:35-3:20 p.m.

Adrian Mouat, Staff Developer Relations Engineer; Eric Smalling, Principal Solutions Architect

Chainguard's distroless production images represent our most secure images. By reducing dependencies to a minimum, we both reduce the amount of software that has potential exploitable vulnerabilities and make attackers work harder by removing potential tools. However, taking advantage of these images can be difficult; often legacy applications have dependencies such as entrypoint scripts or healthchecks that require tooling such as shells not normally present in Chainguard's production images. This tutorial will guide you through the migration options and break things down into achievable steps.

Lightning Talks at Chainguard Assemble 2025

Lightning Talks are 10-minute sessions on special topics. All Lightning Talks at Assemble will take place from 1:00-1:30 p.m. The organizations giving Lightning Talks include:

• Army Software Factory

• Cisco

• Plainsight Technologies

• Roblox

• Shift5

• Automotive Industry Expert

Join us on March 25 in San Francisco

Assemble is going to be a great chance to network, learn, and have fun with the coolest developers and security professionals—all committed to creating a future of software development that is secure and ripe with innovation.

Save your spot today.