Build software better with Chainguard

Yes. Customers committed to multi-year agreements or higher usage qualify for discounts.

Yes. If you adopt multiple Chainguard products — containers, libraries, and virtual machines — you’ll receive bundled pricing that reduces your overall cost when compared to buying each product individually.

Yes. Startup and SMB specific pricing options are available for qualified organizations.

Yes. Public sector specific pricing options are available for qualified organizations across federal, state and local, and higher education. Please contact the public sector team to learn more.

Once you mirror a Chainguard artifact to your environment, it’s yours to keep.

Chainguard believes in the ethos of an open ecosystem. We have partnered with leading open source and enterprise vulnerability scanners such as Snyk, Grype, Trivy, AWS Inspector, Wiz, GitLab, CrowdStrike, Qualys, and more. Check out our full list of scanner integrations here. 

Chainguard also integrates with popular artifact managers like JFrog Artifactory, Cloudsmith, Harbor, Nexus, Google Artifact Registry, Docker Hub, Amazon ECR, Microsoft ACR, and more. That means customers can pull images directly from Chainguard’s registry or mirror them to the artifact manager of their choice. Read our docs to learn more. 

Chainguard offers two licensing models for our container images: Catalog-based licensing and Per-Image licensing. 

With the Catalog model, your organization gets access to the full breadth of Chainguard’s 1,800+ images, with zero friction. Pricing is determined by the size of the engineering organization that operates in containerized environments. This approach uses team size as a proxy for both usage and the value delivered, making it well-suited for organizations that rely heavily on Chainguard Containers. Note that pricing scales non-linearly – if your engineering org doubles in size, your cost doesn’t double – to ensure pricing remains aligned with value as your team grows. 

Alternatively, the Per-Image model is structured around the number and type of container images in use. Pricing in this model takes into account both the count and complexity of the images—whether they're base images, application-specific, AI-focused, or FIPS-compliant. This model is ideal for teams with more targeted use cases for Chainguard Containers.

Chainguard offers a select set of ~50 container images that are freely available for developers to test and deploy. These images include only “:latest” version tags and are not covered under our CVE remediation SLA.

• Base: Languages and frameworks that developers build on top of (i.e., modify) for their use case.

• 3rd Party Apps: Servers, databases, CI/CD infrastructure, and dev tools, that developers drop in and use as-is.

• AI/ML: Applications that handle ML model operations and GPU-enabled computation.

• FIPS: Container images that leverage FIPS-validated encryption and OS-level STIGs. 

Chainguard Libraries is licensed by the size of your engineering org using a language ecosystem (currently Python, Java, and JavaScript). For example, if your organization uses Python in production, we charge based on the number of developers who write, build, or deploy systems that rely on those Python libraries.

You only pay for the developers using each language you license. So if you have developers using both Python and Java, each group is licensed separately based on its size tier.

With thousands of the most popular, unique libraries already built, we likely have the majority of what you need. Reach out to your account team to check your current coverage for your specific environment. We’re actively adding high-priority libraries that our customers depend on, and we’re happy to prioritize anything you need that’s not already available.

Chainguard offers two primary licensing models for its VM images: Catalog-based licensing and Per-Image licensing. 

With the Catalog model, your organization gets access to the full breadth of Chainguard’s VM catalog, along with newly added images. Pricing is determined by the size of the engineering organization that manages VMs. This approach uses team size as a proxy for both usage and the value delivered, making it well-suited for organizations that rely heavily on Chainguard VMs across multiple teams or projects.

Alternatively, the Per-Image model is structured around the number and type of container images in use. Pricing in this model takes into account both the count and complexity of the images—whether they're container hosts, base images, application-specific, or FIPS-compliant. This model is ideal for teams with more targeted use cases for Chainguard VMs.

1. Container Host VMs: VMs optimized to run containers.

2. Base VMs: Minimal, hardened operating system images for general use or specific language runtimes.

3. Application VMs: Pre-configured images with embedded software that are ready to deploy.

4. FIPS VMs: Images featuring FIPS-approved cryptography and STIG hardening for regulated environments.