Chainguard

Chainguard builds, secures, and maintains a catalog of hardened, minimal container images and software supply chain security tools. Its flagship Chainguard Images rebuild open source software from source daily on a zero-known-CVE promise, signed with Sigstore, and distributed through the cgr.dev registry. The Chainguard platform exposes REST APIs, a command- line tool (chainctl), a Terraform provider, and an SDK for managing organizations, IAM, image repositories, registries, vulnerabilities, and event subscriptions. Chainguard Libraries extends the model to language ecosystems (Java, Python, Go, Node.js).

6 APIs 26 Features

Cloud NativeContainer ImagesContainersDevSecOpsKubernetesRegistrySecuritySoftware Supply ChainVulnerability Management

APIs

Chainguard API v2

Chainguard API v2 is the current REST API for the Chainguard platform. Endpoints cover Identity and Access Management (IAM), image registry operations, and vulnerability data un...

Chainguard API v1

Chainguard API v1 is the legacy REST API for the Chainguard platform, covering the same broad surface as v2 (IAM, registry, vulnerabilities) and remaining available for existing...

Chainguard Unified API Spec

The unified Chainguard API specification combines API v1 and v2 definitions in a single reference, useful for tool builders and readers who need a consolidated view of the platf...

Chainguard chainctl CLI

chainctl is the official command-line interface for the Chainguard platform. It provides commands for authentication, IAM, image management, registry operations, event subscript...

Chainguard Terraform Provider

The chainguard-dev/chainguard Terraform provider lets platform engineers provision and manage Chainguard resources (organizations, groups, identities, roles, subscriptions, and ...

Chainguard Images Registry (cgr.dev)

cgr.dev is the OCI-compliant distribution endpoint for Chainguard Images. Standard OCI and Docker tooling (docker pull, cosign verify, oras, crane, etc.) can authenticate with a...

Features

Hardened Images

Minimal Images

Distroless

Zero-Known-CVE

SBOMs

SLSA Attestations

Sigstore Signatures

Cosign Verification

Daily Rebuilds

Wolfi OS Base

OCI Registry

IAM

RBAC

Audit Logs

Event Subscriptions

Vulnerability Feed

Custom Assembly

FIPS Images

STIG Hardening

Libraries for Java

Libraries for Python

Libraries for Go

Libraries for Node.js

Terraform Provider

CLI (chainctl)

REST API

Use Cases

Software Supply Chain Security

Container Hardening

CVE Remediation

Compliance (FedRAMP, FIPS, PCI, HIPAA)

Open Source Dependency Security

Secure Base Images

Air-Gapped Distribution

Kubernetes Workload Security

CI/CD Integration

Image Signing and Verification

Vulnerability Scanning Reduction

Resources

Documentation

DeveloperPortal

DeveloperPortal

TermsOfService

PrivacyPolicy

Sources

aid: chainguard
url: >-
  https://raw.githubusercontent.com/api-evangelist/chainguard/refs/heads/main/apis.yml
name: Chainguard
kind: company
description: >-
  Chainguard builds, secures, and maintains a catalog of hardened, minimal
  container images and software supply chain security tools. Its flagship
  Chainguard Images rebuild open source software from source daily on a
  zero-known-CVE promise, signed with Sigstore, and distributed through the
  cgr.dev registry. The Chainguard platform exposes REST APIs, a command-
  line tool (chainctl), a Terraform provider, and an SDK for managing
  organizations, IAM, image repositories, registries, vulnerabilities, and
  event subscriptions. Chainguard Libraries extends the model to language
  ecosystems (Java, Python, Go, Node.js).
type: Index
image: https://kinlane-productions.s3.amazonaws.com/apis-json/apis-json-logo.jpg
access: 3rd-Party
tags:
  - Cloud Native
  - Container Images
  - Containers
  - DevSecOps
  - Kubernetes
  - Registry
  - Security
  - Software Supply Chain
  - Vulnerability Management
created: '2026-03-26'
modified: '2026-05-19'
position: Consumer
specificationVersion: '0.19'
apis:
  - aid: chainguard:api-v2
    name: Chainguard API v2
    description: >-
      Chainguard API v2 is the current REST API for the Chainguard platform.
      Endpoints cover Identity and Access Management (IAM), image registry
      operations, and vulnerability data under /iam/v2beta1/,
      /registry/v2beta1/, and /vulnerabilities/v2beta1/. v2 introduces
      cursor-based pagination, server-side ordering, consistent resource
      patterns, and structured error responses.
    humanURL: https://edu.chainguard.dev/chainguard/api/spec-api-v2/
    baseURL: https://console-api.enforce.dev
    tags:
      - IAM
      - REST
      - Registry
      - Vulnerabilities
    properties:
      - type: Documentation
        url: https://edu.chainguard.dev/chainguard/api/spec-api-v2/
      - type: Tutorial
        url: https://edu.chainguard.dev/chainguard/api/api-v2-tutorial/
      - type: Authentication
        url: https://edu.chainguard.dev/chainguard/api/authentication/
  - aid: chainguard:api-v1
    name: Chainguard API v1
    description: >-
      Chainguard API v1 is the legacy REST API for the Chainguard platform,
      covering the same broad surface as v2 (IAM, registry, vulnerabilities)
      and remaining available for existing integrations while customers
      migrate to v2.
    humanURL: https://edu.chainguard.dev/chainguard/api/spec-api-v1/
    baseURL: https://console-api.enforce.dev
    tags:
      - IAM
      - Legacy
      - REST
      - Registry
      - Vulnerabilities
    properties:
      - type: Documentation
        url: https://edu.chainguard.dev/chainguard/api/spec-api-v1/
      - type: Authentication
        url: https://edu.chainguard.dev/chainguard/api/authentication/
  - aid: chainguard:unified-api-spec
    name: Chainguard Unified API Spec
    description: >-
      The unified Chainguard API specification combines API v1 and v2
      definitions in a single reference, useful for tool builders and
      readers who need a consolidated view of the platform surface.
    humanURL: https://edu.chainguard.dev/chainguard/api/spec/
    tags:
      - OpenAPI
      - Reference
    properties:
      - type: Documentation
        url: https://edu.chainguard.dev/chainguard/api/spec/
  - aid: chainguard:chainctl
    name: Chainguard chainctl CLI
    description: >-
      chainctl is the official command-line interface for the Chainguard
      platform. It provides commands for authentication, IAM, image
      management, registry operations, event subscriptions, packages,
      libraries, and configuration. chainctl uses the same underlying APIs
      (v1 and v2) and is often the fastest path to automating Chainguard
      workflows.
    humanURL: https://edu.chainguard.dev/chainguard/chainctl/chainctl-docs/chainctl/
    tags:
      - Automation
      - CLI
      - Tooling
    properties:
      - type: Documentation
        url: https://edu.chainguard.dev/chainguard/chainctl/chainctl-docs/chainctl/
      - type: Authentication
        url: https://edu.chainguard.dev/chainguard/chainctl/chainctl-docs/chainctl_auth/
      - type: GitHubRepository
        url: https://github.com/chainguard-dev/chainctl-releases
  - aid: chainguard:terraform-provider
    name: Chainguard Terraform Provider
    description: >-
      The chainguard-dev/chainguard Terraform provider lets platform
      engineers provision and manage Chainguard resources (organizations,
      groups, identities, roles, subscriptions, and more) as
      infrastructure-as-code through the Chainguard API.
    humanURL: >-
      https://registry.terraform.io/providers/chainguard-dev/chainguard/latest/docs
    tags:
      - IaC
      - Provisioning
      - Terraform
    properties:
      - type: Documentation
        url: >-
          https://registry.terraform.io/providers/chainguard-dev/chainguard/latest/docs
      - type: GitHubRepository
        url: https://github.com/chainguard-dev/terraform-provider-chainguard
  - aid: chainguard:images-registry
    name: Chainguard Images Registry (cgr.dev)
    description: >-
      cgr.dev is the OCI-compliant distribution endpoint for Chainguard
      Images. Standard OCI and Docker tooling (docker pull, cosign verify,
      oras, crane, etc.) can authenticate with a pull token or IAM
      credentials to list tags, fetch images, and verify signatures and
      attestations.
    humanURL: https://edu.chainguard.dev/chainguard/chainguard-images/
    baseURL: https://cgr.dev
    tags:
      - Cosign
      - Distribution
      - OCI
      - Registry
      - Sigstore
    properties:
      - type: Documentation
        url: https://edu.chainguard.dev/chainguard/chainguard-images/
      - type: Overview
        url: https://edu.chainguard.dev/chainguard/chainguard-images/overview/
common:
  - type: Website
    url: https://www.chainguard.dev/
  - type: Documentation
    url: https://edu.chainguard.dev/
  - type: DeveloperPortal
    url: https://edu.chainguard.dev/chainguard/api/
  - type: Academy
    url: https://edu.chainguard.dev/
  - type: Blog
    url: https://www.chainguard.dev/unchained
  - type: GitHub
    url: https://github.com/chainguard-dev
  - type: Pricing
    url: https://www.chainguard.dev/pricing
  - type: SignUp
    url: https://console.chainguard.dev/
  - type: Console
    url: https://console.chainguard.dev/
  - type: Contact
    url: https://www.chainguard.dev/contact
  - type: Careers
    url: https://www.chainguard.dev/careers
  - type: Security
    url: https://www.chainguard.dev/trust
  - type: StatusPage
    url: https://status.chainguard.dev/
  - type: TermsOfService
    url: https://www.chainguard.dev/legal/terms
  - type: PrivacyPolicy
    url: https://www.chainguard.dev/legal/privacy
  - type: X
    url: https://x.com/chainguard_dev
  - type: LinkedIn
    url: https://www.linkedin.com/company/chainguard/
  - type: YouTube
    url: https://www.youtube.com/@chainguard_dev
  - name: Features
    type: Features
    data:
      - name: Hardened Images
      - name: Minimal Images
      - name: Distroless
      - name: Zero-Known-CVE
      - name: SBOMs
      - name: SLSA Attestations
      - name: Sigstore Signatures
      - name: Cosign Verification
      - name: Daily Rebuilds
      - name: Wolfi OS Base
      - name: OCI Registry
      - name: IAM
      - name: RBAC
      - name: Audit Logs
      - name: Event Subscriptions
      - name: Vulnerability Feed
      - name: Custom Assembly
      - name: FIPS Images
      - name: STIG Hardening
      - name: Libraries for Java
      - name: Libraries for Python
      - name: Libraries for Go
      - name: Libraries for Node.js
      - name: Terraform Provider
      - name: CLI (chainctl)
      - name: REST API
  - name: UseCases
    type: UseCases
    data:
      - name: Software Supply Chain Security
      - name: Container Hardening
      - name: CVE Remediation
      - name: Compliance (FedRAMP, FIPS, PCI, HIPAA)
      - name: Open Source Dependency Security
      - name: Secure Base Images
      - name: Air-Gapped Distribution
      - name: Kubernetes Workload Security
      - name: CI/CD Integration
      - name: Image Signing and Verification
      - name: Vulnerability Scanning Reduction
  - name: Integrations
    type: Integrations
    data:
      - name: Kubernetes
      - name: Docker
      - name: OCI
      - name: Sigstore
      - name: Cosign
      - name: SLSA
      - name: Terraform
      - name: GitHub Actions
      - name: GitLab CI
      - name: Jenkins
      - name: Argo CD
      - name: Tekton
      - name: Harbor
      - name: Quay
      - name: Amazon ECR
      - name: Google Artifact Registry
      - name: Azure Container Registry
      - name: Snyk
      - name: Prisma Cloud
      - name: Wiz
      - name: Trivy
      - name: Grype
      - name: Syft
      - name: AWS
      - name: Google Cloud
      - name: Azure
  - name: Products
    type: Products
    data:
      - name: Chainguard Images
      - name: Chainguard Libraries
      - name: Chainguard Enforce
      - name: Chainguard VMs
      - name: Chainguard Containers
      - name: Wolfi OS
      - name: Custom Assembly
  - type: Integrations
    url: https://www.chainguard.dev/partners
  - name: Agent Skills
    url: https://www.chainguard.dev/unchained/introducing-chainguard-agent-skills
    type: AgentSkill
integrations:
  - name: Become a partner
  - name: Register a deal
  - name: Join Chainguard Commercial Builds
  - name: AWS
maintainers:
  - FN: Kin Lane
    email: [email protected]