
Chainguard Launches Partner Program to Deliver Secure Open Source Code

Secure open source vendor Chainguard has launched its first channel partner program to help partners boost the sales and distribution of its security-hardened container images and other secure open source code.

With open source code making up some 90% of modern software applications, Chainguard takes popular open source code and rebuilds it to fix its security vulnerabilities and flaws, then sells the improved and hardened code to customers so they can make their applications more secure. These trusted open source offerings include Chainguard Containers, a group of about 1,600 pre-built and verified container images that are designed to be free of known vulnerabilities tracked as Common Vulnerabilities and Exposures (CVEs), which can cause major security issues in poorly written code.

Chainguard’s new channel program is designed to help the company grow its unique offerings through a two-tier structure that gives partners more earnings, pricing, training, and go-to-market benefits as they build their sales and customer engagements.

Another major benefit touted by Chainguard is that partner program members will gain opportunities to be involved early in this emerging market, where guaranteed secure code is hardened and made available to customers so they can build secure applications from the start.

Rob Baumhardt, senior director for Chainguard’s channel in the Americas, told ChannelE2E that before creating the channel program the company worked with solution providers on a case-by-case basis when a customer specifically wanted to work through a channel partner.

“Those early collaborations helped us understand how our products fit into customer CI/CD workflows and how they deliver value in both security and developer productivity,” said Baumhardt. The new partner program will help the company ensure that its partners have the support they need to successfully bring Chainguard to more customers, he added.

“Channel customers face mounting pressure to deliver software faster, comply with increasingly stringent regulations, and defend against sophisticated supply chain attacks—all at once,” he said. “This program makes it even easier for channel partners to offer their customers a solution that accelerates compliance, strengthens their security posture, and allows their engineers to build more securely and efficiently from the start.”

Some 200 companies use Chainguard’s secure code today to protect their software supply chains, said Baumhardt.

High-profile supply chain attacks in the past, including the damaging SolarWinds, Log4Shell, and xz-utils attacks, helped create this market for secure open source code, said Baumhardt. Those attacks and the chaos they caused “demonstrate how upstream dependencies can be exploited to impact thousands of organizations at once,” he said. “Frameworks like FedRAMP, PCI, NIST, and HIPAA, along with sovereign cloud initiatives, push organizations to proactively manage risk, but relying on traditional methods like scanning and manual patching often leaves gaps and consumes valuable engineering time. The launch of the partner program signals strong demand for solutions that deliver trusted open source.”

Filling Critical Trust Gaps in Code for Enterprise Users: Analyst

Paul Nashawaty, principal analyst for AppDev and modernization with theCUBE Research, called Chainguard’s launch of its global partner program innovative and timely.

“It reinforces Chainguard’s core mission: delivering trusted, hardened open source container images,” said Nashawaty. “By rebuilding popular OSS containers in secure, audited environments and offering zero-CVE artifacts complete with signed Software Bills of Materials (SBOMs) and attestations, Chainguard ensures enterprises get the speed and flexibility of open source without the associated security risks.”

Even more important, “partners that deliver hardened open source software help enterprises fill critical trust gaps in modern DevSecOps workflows rather than bloat their stack,” said Nashawaty. “From the enterprise perspective, Chainguard's approach hits multiple high-value points, including empowerment, compliance, and developer velocity.”

Recent research by theCUBE Research shows that 74% of database professionals report downtime or performance issues when using open source software, while 53% flag security, compliance, or data-breach concerns as top pain points, he said.

“Hardened containers with regular security refreshes directly mitigate these challenges, allowing developers to ‘start left’ with secure [original code] and shifting remediation from reactive firefighting to proactive resilience,” he said.

As enterprise open source adoption has become mainstream over the last 20 years, more companies have adopted open source across industries, said Nashawaty. And with data from open source market giant Red Hat showing that 89% of IT leaders believe enterprise open source is as secure, or more secure, than proprietary alternatives, open source use is here to stay, he added.

“The Chainguard model takes this confidence a step further by operationalizing security guarantees, not just perception, making hardened OSS a practical, trusted option rather than a theoretical one,” he said.

Todd R. Weiss

Todd R. Weiss is a contributing editor to ChannelE2E and MSSP Alert. He is an award-winning technology journalist and freelance writer who covers the full range of B2B IT topics. He served as managing editor at EnterpriseAI.news and was a staff writer for Computerworld and eWeek.com. He is a diehard Philadelphia Phillies, Eagles, Flyers and Sixers fan and says he is the world’s worst golfer.
