Just a week after Chainguard announced Chainguard Factory 2.0, the company has hit a major milestone that demonstrates the scale of the system now running in production.
Last week, Chainguard said that its software factory, rebuilt around its DriftlessAF open-source agentic reconciliation, had produced more than 500 million unique container build manifests to date. DriftlessAF is an agentic framework that enables bots to use both traditional and agentic AI evaluation approaches to automate reconciliation at scale.
“The emergence and adoption of bleeding-edge AI productivity tools within Chainguard has built up a level of agentic expertise across our engineering team,” Chainguard states in a blog post.
Rather than scanning or patching upstream binaries, Chainguard regenerates containers and libraries directly from source whenever a change is detected. Factory 2.0 drives all of this.
It operates as a self-correcting system at a massive scale: Each container build manifest represents a reproducible output of the system, spanning initial builds, dependency and vulnerability-driven rebuilds, tooling changes, and generated SBOMs and signatures, all reconciled toward a secure-by-default state, the company said.
Beyond manifests
In addition to surpassing 500 million container build manifests, with millions more generated every month, Factory 2.0 continuously maintains:
- 2,000+ (2,069 at the time this interview) open source projects, offering a minimal, low- or zero-CVE Chainguard image to projects including go, nginx, and Postgres
- 340,000+ container image versions, delivering rapid availability of new releases and access to historical versions as upstream projects and architectures evolve
- 27,000+ underlying OS packages assembled and maintained over time
Dustin Kirkland, SVP at Chainguard, tells The New Stack that the milestone is a sign of stability.
“We’re on a pretty predictable path at this point of adding images to our catalog,” Kirkland says. “We crossed the number 2,000 unique images completely deduplicated across versions, flavors, and architectures.”
That’s a raw number showing the scope of the unique image package projects that Chainguard has hardened and maintains, with zero CVEs for its customers.
“But the big news, the milestone moment, is that we crossed the 2000 images mark. And we’re not stopping there,” Kirkland says. “We’re adding almost 100 images per month to the catalog at this point.
Half a billion
In addition to the half a billion container build manifests, Chainguard is adding almost a million of those permutations per day, 1.3 million yesterday, Kirkland said. That also includes customers who’ve modified their image or an image that they’re using Chainguard’s custom assembly feature.
That’s something Chainguard announced last year: it allows customers to add or, in some cases, remove images or configurations from their images while still running them through Chainguard’s build system and remaining covered by Chainguard’s service-level agreements.
“Securing the entire software supply chain requires deep technical prowess and automation,” said Dan Lorenc, CEO and co-founder of Chainguard. “Our software factory continuously rebuilds every open source component that engineering teams rely on directly from source and maintains these components continuously over time.”
400 organizations
Nearly 400 organizations, from Fortune 500 organizations to startups, use Chainguard Containers. In the past quarter, companies like Black Duck, Nelnet, Rocket Lab, and SolarWinds began building with Chainguard.
“At Second Front, we make it faster and easier to deliver secure, compliant software to government teams and missions where security is non-negotiable,” said Jeff Davis, senior staff platform engineer at Second Front, in a statement. “Access to Chainguard’s full catalog gives us access to an extensive library of secure, trusted open source images. No surprises, no hoops to jump through, just the freedom to move fast with security and trust built in.”
Chainguard also added new features to simplify the customer experience, including improvements to the Helm Chart user experience and predictable lifecycle management through Chainguard’s new end-of-life updates.
The post Chainguard’s AI-powered factory hits 500 million builds appeared first on The New Stack.