Chainguard crosses 500 million container rebuilds, using an automated, AI-powered factory model to continuously secure open source software and remove supply chain risk for engineering teams.
Chainguard has surpassed 500 million unique container build manifests, marking one of the largest automated rebuild operations in the open source container ecosystem and strengthening its position as a trusted source for continuously rebuilt, secured and compliant container images.
The company operates an automated “software factory” that rebuilds every open source component directly from source rather than relying on upstream binaries. This continuous rebuilding model is designed to cut vulnerabilities at the root, reduce supply chain risk and help engineering teams ship faster without compromising trust or compliance.
Scale underpins the approach. Chainguard now generates millions of builds each month, covering more than 2,000 open source projects, 340,000+ architecture-specific image versions and 27,000+ unique underlying OS packages. The catalogue supports modern stacks including go, nginx and postgres, while maintaining both current and historical versions for stability.
At the core is the Chainguard Factory, an automated assembly-line build system that continuously monitors, rebuilds and delivers secure images. Its second-generation platform, powered by DriftlessAF, uses resilient, self-correcting automation and AI-driven reconciliation bots to trigger dependency updates, vulnerability-based rebuilds, SBOM generation, cryptographic signing and custom image creation, with a focus on low- or zero-CVE containers.
“Securing the entire software supply chain requires deep technical prowess and automation,” said Dan Lorenc, CEO and Co-Founder of Chainguard. “Our software factory continuously rebuilds every open source component that engineering teams rely on directly from source and maintains these components continuously over time. The depth and breadth of our software catalog means teams that build with Chainguard never have to choose between speed and trust.”
As enterprises rely more heavily on open source infrastructure, Chainguard is positioning automated, continuously rebuilt containers as the new default for secure software delivery.
