Introducing Chainguard's Trust Center
Security is in our DNA at Chainguard. We believe that any individual security control is fallible, and so we embrace a defense-in-depth model where we apply a wide array of complementary security controls across the company. We have a dedicated security team working to secure all layers of our internal supply chain and product infrastructure, and are regularly conducting penetration tests for our products and contributing to open source security improvements.
Today, we are launching Chainguard's Trust Center, a dedicated platform where we proactively share security, compliance, and privacy information with our users and customers. This center is a testament to our commitment to transparency and our unwavering dedication to building trust with our community.
Trust, but verify
The Chainguard Trust Center provides customers and users with easy access to the following resources:
Independent security assessment: Comprehensive reports detailing the results of regular penetration testing conducted by Trail of Bits. In addition to the Trail of Bits security assessment, we have published a blog post highlighting the results and actions we have taken.
SOC 2 audit: SOC 2 Type 2 audit report demonstrating our commitment to maintaining robust security controls and processes.
Chainguard’s hardening guide: A comprehensive guide outlining the hardening measures we implement across our products and infrastructure.
Privacy policy: Detailed information about how we collect, use, and protect personal data.
Data subprocessors: A list of third-party subprocessors we engage with and the security measures they have in place.
Information security policies: Our comprehensive set of information security policies and procedures.
We are currently in process of meeting and/or obtaining certification for several compliance frameworks and standards, including but not limited to ISO 27001, NIST 800-171, SLSA and SOC2 Type 2.
Chainguard is enabling the world to easily adopt a secure-by-default software supply chain foundation with our Chainguard Images solution. To enable this for our customers and users, we also focus on securing every layer of our infrastructure and products, including components of our own supply chain.
Customers and users need to know that they can rely on the security and integrity of the products and services they use. The Chainguard Trust Center provides a single source of truth for all relevant security, compliance, and privacy information, enabling our customers and users to make informed decisions about working with us.
We also were an original signatory of the Cybersecurity Infrastructure Security Agency’s (CISA) Secure by Design pledge because we believe in building software right from the start, not after the fact. We are pleased to share that we meet or exceed every principle outlined in that initiative.
We invite you to visit the Chainguard Trust Center to learn more about our security, compliance, and privacy practices. We hope that this initiative will strengthen our relationships with our customers and users and contribute to a more secure and trustworthy digital ecosystem.
Additional Resources:
Ready to Lock Down Your Supply Chain?
Talk to our customer obsessed, community-driven team.