Chainguard thinks most DevOps teams are solving container security the hard way

thenewstack.io · CrankyBear · 26 days ago · view on HN · news
quality 7/10 · good
0 net
Tags
cloudflare docker kubernetes react
Chainguard thinks most DevOps teams are solving container security the hard way - The New Stack TNS OK SUBSCRIBE Join our community of software engineering leaders and aspirational developers. Always stay in-the-know by getting the most important news and exclusive content delivered fresh to your inbox to learn more about at-scale software development. EMAIL ADDRESS REQUIRED SUBSCRIBE RESUBSCRIPTION REQUIRED It seems that you've previously unsubscribed from our newsletter in the past. Click the button below to open the re-subscribe form in a new tab. When you're done, simply close that tab and continue with this form to complete your subscription. RE-SUBSCRIBE The New Stack does not sell your information or share it with unaffiliated third parties. By continuing, you agree to our Terms of Use and Privacy Policy . Welcome and thank you for joining The New Stack community! Please answer a few simple questions to help us deliver the news and resources you are interested in. FIRST NAME REQUIRED LAST NAME REQUIRED COMPANY NAME REQUIRED COUNTRY REQUIRED Select ... United States Canada India United Kingdom Germany France --- Afghanistan Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Asia/Pacific Region Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire, Sint Eustatius and Saba Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos (Keeling) Islands Colombia Comoros Congo Congo, The Democratic Republic of the Cook Islands Costa Rica Croatia Cuba Curaçao Cyprus Czech Republic Côte d'Ivoire Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands (Malvinas) Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and Mcdonald Islands Holy See (Vatican City State) Honduras Hong Kong Hungary Iceland India Indonesia Iran, Islamic Republic Of Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati Korea, Republic of Kuwait Kyrgyzstan Laos Latvia Lebanon Lesotho Liberia Libyan Arab Jamahiriya Liechtenstein Lithuania Luxembourg Macao Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia, Federated States of Moldova, Republic of Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands Netherlands Antilles New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island North Korea North Macedonia Northern Mariana Islands Norway Oman Pakistan Palau Palestinian Territory, Occupied Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Islands Poland Portugal Puerto Rico Qatar Reunion Romania Russian Federation Rwanda Saint Barthélemy Saint Helena Saint Kitts and Nevis Saint Lucia Saint Martin Saint Martin Saint Pierre and Miquelon Saint Vincent and the Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Serbia and Montenegro Seychelles Sierra Leone Singapore Sint Maarten Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and the South Sandwich Islands South Sudan Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syrian Arab Republic Taiwan Tajikistan Tanzania, United Republic of Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates United Kingdom United States United States Minor Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela Vietnam Virgin Islands, British Virgin Islands, U.S. Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe Åland Islands ZIPCODE REQUIRED Great to meet you! Tell us a bit about your job so we can cover the topics you find most relevant. What is your job level? REQUIRED --> Select ... C-Level VP/Director Manager/Supervisor Mid Level or Senior Non-Managerial Staff Entry Level/Junior Staff Freelancer/Contractor Student/Intern Other ... Which of these most closely describes your job role? REQUIRED Select ... Developer/Software Engineer SysAdmin/Operations/SRE Architect Security Professional DevOps Engineer/Team Community Manager/Developer Advocate IT management, including CIO/CISO/CTO Business Development/Marketing/Sales Enthusiast/Hobbyist Other ... How many employees are in the organization you work with? REQUIRED Select ... Self-employed 2-10 11-50 51-250 251-1,000 1,001-10,000 > 10,000 I am not working What option best describes the type of organization you work for? REQUIRED Select ... “End user” organization that primarily uses IT products and services to support their business deliverables Hardware / software vendor or supplier Cloud service provider or managed service provider System integrator or IT consulting firm Other ... Which of the following best describes your organization's primary industry? REQUIRED Select ... Advertising/Marketing Aerospace/Aviation Agriculture Automotive Biotech/Pharmaceutical Business Services (accounting, consulting, etc.) Computers/Information Technology Construction Education Facilities/Service Industry Finance/Financial Services (banking, insurance, etc.) Government Healthcare Human Resources Legal Life sciences (biotech, pharmaceuticals, etc.) Manufacturing Media Non-profit Real Estate Retail/Consumer Goods Telecommunications Transportation/Logistics Travel/Hospitality/Entertainment Utility/Energy Other ... LINKEDIN PROFILE URL Welcome! We’re so glad you’re here. You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game. What’s next? Check your inbox for a confirmation email where you can adjust your preferences and even join additional groups. Follow TNS on your favorite social media networks. --> Become a TNS follower on LinkedIn . Check out the latest featured and trending stories while you wait for your first TNS newsletter. PREV 1 of 2 NEXT VOXPOP As a JavaScript developer, what non-React tools do you use most often? ✓ Angular 0% ✓ Astro 0% ✓ Svelte 0% ✓ Vue.js 0% ✓ Other 0% ✓ I only use React 0% ✓ I don't use JavaScript 0% Thanks for your opinion! Subscribe below to get the final results, published exclusively in our TNS Update newsletter: SUBMIT NEW! Try Stackie AI ARCHITECTURE Cloud Native Ecosystem Containers Databases Edge Computing Infrastructure as Code Linux Microservices Open Source Networking Storage ENGINEERING AI AI Engineering API Management Backend development Data Frontend Development Large Language Models Security Software Development WebAssembly OPERATIONS AI Operations CI/CD Cloud Services DevOps Kubernetes Observability Operations Platform Engineering PROGRAMMING C++ Developer tools Go Java JavaScript Programming Languages Python Rust TypeScript CHANNELS Podcasts Ebooks Events Webinars Newsletter TNS RSS Feeds THE NEW STACK About / Contact Sponsors Advertise With Us Contributions PODCASTS EBOOKS EVENTS WEBINARS NEWSLETTER CONTRIBUTE ARCHITECTURE ENGINEERING OPERATIONS PROGRAMMING Cloud Native Ecosystem Containers Databases Edge Computing Infrastructure as Code Linux Microservices Open Source Networking Storage What is KubeVirt and why it’s growing Mar 17th 2026 9:00am, by Tiago Castro Tetrate launches open source marketplace to simplify Envoy adoption Mar 11th 2026 10:52am, by Adrian Bridgwater Cloud repatriation is hard. Here's how to build a self-service developer platform that works. Mar 4th 2026 9:14am, by TNS Staff Why Kubernetes 1.35 is a game-changer for stateful workload scaling Feb 21st 2026 8:00am, by Janakiram MSV The developer as conductor: Leading an orchestra of AI agents with the feature flag baton Feb 19th 2026 3:31pm, by TNS Staff Chainguard thinks most DevOps teams are solving container security the hard way Mar 17th 2026 1:04pm, by Steven J. Vaughan-Nichols How to deploy an AI server on your Debian/Ubuntu server Mar 10th 2026 11:00am, by Jack Wallen NanoClaw can stuff each AI agent into its own Docker container to deal with OpenClaw's security mess Mar 7th 2026 10:00am, by David Eastman IT-Tools brings many useful developer tools into one convenient location Mar 6th 2026 12:00pm, by Jack Wallen How WebAssembly plugins simplify Kubernetes extensibility Mar 3rd 2026 2:00pm, by B. Cameron Gain The “files are all you need” debate misses what's actually happening in agent memory architecture Mar 13th 2026 5:00am, by Mikiko Bazeley With GridGain acquisition, MariaDB bets on in-memory computing and Apache Ignite Mar 10th 2026 6:47am, by Paul Sawers Moving AI apps from prototype to production requires enterprise-grade postgres infrastructure Mar 9th 2026 7:00am, by Meredith Shubel Why the "bible" of data systems is getting a massive rewrite for 2026 Mar 4th 2026 5:00am, by Cynthia Dunlop Why the secret to scaling AI isn’t a better model, it's a simpler foundation Feb 26th 2026 5:00am, by Ajay Khanna Developers are coding to a moving target, and nobody knows where AI lands next Mar 3rd 2026 7:33am, by Adrian Bridgwater Cloudflare’s new Markdown support shows how the web is evolving for AI agents Mar 2nd 2026 4:30am, by David Eastman React Server Components Vulnerability Found Dec 6th 2025 7:00am, by Loraine Lawson Kubernetes at the Edge: Lessons From GE HealthCare’s Edge Strategy Nov 24th 2025 10:00am, by Vicki Walker Building a Cloud-to-Edge Architecture Across 40K Global Locations Nov 20th 2025 10:00am, by Vicki Walker Why "automated" infrastructure might cost more than you think Feb 24th 2026 4:00am, by Justyn Roberts Why 40% of AI projects will be canceled by 2027 (and how to stay in the other 60%) Feb 13th 2026 6:00am, by Alex Drag Durable Execution: Build reliable software in an unreliable world Feb 2nd 2026 3:23pm, by Charles Humble Terraform challenger Formae expands to more clouds Jan 28th 2026 6:00am, by Joab Jackson IBM HashiCorp 'Sunsets' Terraform's External Language Support Dec 12th 2025 2:00pm, by Joab Jackson Chainguard thinks most DevOps teams are solving container security the hard way Mar 17th 2026 1:04pm, by Steven J. Vaughan-Nichols Tromjaro is a free-trade Linux distribution with plenty to offer Mar 14th 2026 11:00am, by Jack Wallen Google will soon bring Chrome to ARM64 Linux Mar 12th 2026 1:00pm, by Frederic Lardinois How to deploy an AI server on your Debian/Ubuntu server Mar 10th 2026 11:00am, by Jack Wallen IT-Tools brings many useful developer tools into one convenient location Mar 6th 2026 12:00pm, by Jack Wallen Tetrate launches open source marketplace to simplify Envoy adoption Mar 11th 2026 10:52am, by Adrian Bridgwater OpenTelemetry roadmap: Sampling rates and collector improvements ahead Feb 24th 2026 11:00am, by B. Cameron Gain Merging To Test Is Killing Your Microservices Velocity Dec 16th 2025 7:00am, by Arjun Iyer IBM’s Confluent Acquisition Is About Event-Driven AI Dec 11th 2025 6:00am, by Joab Jackson Deploy Agentic AI Workflows With Kubernetes and Terraform Nov 26th 2025 9:00am, by Oladimeji Sowole Chainguard thinks most DevOps teams are solving container security the hard way Mar 17th 2026 1:04pm, by Steven J. Vaughan-Nichols GitHub Copilot's effect on collaboration has stunned researchers Mar 17th 2026 11:42am, by Steven J. Vaughan-Nichols MCP's biggest growing pains for production use will soon be solved Mar 14th 2026 7:00am, by Paul Sawers AI layoffs are here, the MCP vs API debate, and the rise of the Mac Mini-powered Agent Mar 14th 2026 6:32am, by Matthew Burns NanoClaw and Docker team up to isolate AI agents inside MicroVM sandboxes Mar 13th 2026 12:26pm, by Steven J. Vaughan-Nichols GSMA Open Gateway offers developers one API for 300+ mobile networks Mar 4th 2026 10:26am, by Adrian Bridgwater How Homepage simplifies monitoring your self-hosted services Feb 6th 2026 8:00am, by Jack Wallen S3 is the new network: Rethinking data architecture for the cloud era Feb 2nd 2026 4:00am, by Max Liu Cisco is using eBPF to rethink firewalls, vulnerability mitigation Jan 26th 2026 9:00am, by Joab Jackson You Might Not Know This, but Your NAS Might Be a Good Docker Server Jan 16th 2026 10:00am, by Jack Wallen What is KubeVirt and why it’s growing Mar 17th 2026 9:00am, by Tiago Castro S3 is the new network: Rethinking data architecture for the cloud era Feb 2nd 2026 4:00am, by Max Liu Agoda’s secret to 50x scale: Getting the database basics right Jan 28th 2026 7:00am, by Cynthia Dunlop Chainguard EmeritOSS backs MinIO, other orphaned projects Jan 27th 2026 6:15am, by Steven J. Vaughan-Nichols You Might Not Know This, but Your NAS Might Be a Good Docker Server Jan 16th 2026 10:00am, by Jack Wallen AI AI Engineering API Management Backend development Data Frontend Development Large Language Models Security Software Development WebAssembly OpenAI's GPT-5.4 mini and nano are built for the subagent era Mar 17th 2026 11:57am, by Frederic Lardinois GitHub Copilot's effect on collaboration has stunned researchers Mar 17th 2026 11:42am, by Steven J. Vaughan-Nichols Nvidia brings together AI labs to build the next generation of open base models Mar 16th 2026 1:20pm, by Frederic Lardinois Nvidia's NemoClaw is OpenClaw with guardrails Mar 16th 2026 1:05pm, by Frederic Lardinois Anthropic doubles Claude usage outside peak hours — but it won't last forever Mar 16th 2026 11:02am, by Paul Sawers Nvidia's NemoClaw is OpenClaw with guardrails Mar 16th 2026 1:05pm, by Frederic Lardinois A beginner's guide to vibe coding Mar 15th 2026 9:00am, by Jessica Wachtel Ex-Snowflake engineers say there's a blind spot in data engineering — so they built Tower to fix it Mar 15th 2026 7:00am, by Paul Sawers Why AI systems are failing in familiar ways Mar 14th 2026 1:00pm, by Steve Fenton AI layoffs are here, the MCP vs API debate, and the rise of the Mac Mini-powered Agent Mar 14th 2026 6:32am, by Matthew Burns Before you let AI agents loose, you’d better know what they’re capable of Mar 12th 2026 1:22pm, by Charles Humble GSMA Open Gateway offers developers one API for 300+ mobile networks Mar 4th 2026 10:26am, by Adrian Bridgwater Your AI strategy is built on layers of API sediment Feb 17th 2026 9:37am, by Charles Humble Solving the Problems That Accompany API Sprawl With AI Jan 15th 2026 1:00pm, by Heather Joslyn 4 Core Principles for Scaling Your API Engineering Practice Jan 13th 2026 10:00am, by Matthias Biehl How To Get DNS Right: A Guide to Common Failure Modes Dec 24th 2025 8:00am, by Sheldon Pereira and Denton Chikura Combining Rust and Python for High-Performance AI Systems Dec 3rd 2025 1:00pm, by Zziwa Raymond Ian How MCP Uses Streamable HTTP for Real-Time AI Tool Interaction Aug 18th 2025 10:34am, by Janakiram MSV A Backend for Frontend: Watt for Node.js Simplifies Operations Aug 14th 2025 6:00am, by Loraine Lawson Human-on-the-Loop: The New AI Control Model That Actually Works Aug 4th 2025 8:00am, by Steve Wilson Ex-Snowflake engineers say there's a blind spot in data engineering — so they built Tower to fix it Mar 15th 2026 7:00am, by Paul Sawers Why the "bible" of data systems is getting a massive rewrite for 2026 Mar 4th 2026 5:00am, by Cynthia Dunlop How to clone a drive to an image with Clonezilla Mar 3rd 2026 1:00pm, by Jack Wallen Databases weren’t built for agent sprawl – SurrealDB wants to fix it Feb 24th 2026 2:07pm, by Paul Sawers How to ground AI agents in accurate, context-rich data Feb 13th 2026 5:00am, by Todd R. Weiss WebMCP turns any Chrome web page into an MCP server for AI agents Mar 17th 2026 11:50am, by David Eastman Confluent adds A2A support, anomaly detection, and Queues for Kafka in major platform update Mar 3rd 2026 10:21am, by Jelani Harper Google's Chrome browser moves to a two-week release cycle Mar 3rd 2026 9:00am, by Frederic Lardinois Meta gave React its own foundation. But it's not letting go just yet. Mar 3rd 2026 4:00am, by Paul Sawers The shift left hangover: Why modern platforms are shifting down to cure developer fatigue Jan 30th 2026 6:22pm, by Steve Corndell Andrej Karpathy's 630-line Python script ran 50 experiments overnight without any human input Mar 14th 2026 5:00am, by Janakiram MSV "Self-healing" IT? HPE research explores how AI-trained models can catch silent infrastructure failures Mar 11th 2026 9:37am, by Jennifer Riggins How context rot drags down AI and LLM results for enterprises, and how to fix it Mar 9th 2026 9:00am, by Todd R. Weiss Snowflake Cortex Code CLI adds dbt and Apache Airflow support for AI-powered data pipelines Mar 8th 2026 6:00am, by Jelani Harper Prompting vs. RAG vs. fine-tuning: Why it’s not a ladder Jan 29th 2026 10:00am, by Ibrahim Kamal Chainguard thinks most DevOps teams are solving container security the hard way Mar 17th 2026 1:04pm, by Steven J. Vaughan-Nichols The security hole that every enterprise AI deployment has (but nobody looks for) Mar 17th 2026 9:42am, by Adrian Bridgwater The AI blind spot debt: the hidden cost killing your innovation strategy Mar 17th 2026 7:00am, by Yuval Fernbach Your database is about to become an AI tool. Is it ready? Mar 17th 2026 5:00am, by Dan Baskette Cursor built a fleet of security agents to solve a familiar frustration Mar 16th 2026 11:17am, by Frederic Lardinois GitHub Copilot's effect on collaboration has stunned researchers Mar 17th 2026 11:42am, by Steven J. Vaughan-Nichols Agents write code. They don't do software engineering. Mar 16th 2026 5:00am, by Arjun Iyer A beginner's guide to vibe coding Mar 15th 2026 9:00am, by Jessica Wachtel AI layoffs are here, the MCP vs API debate, and the rise of the Mac Mini-powered Agent Mar 14th 2026 6:32am, by Matthew Burns F-Droid says Google's Android developer verification plan is an 'existential' threat to alternative app stores Mar 13th 2026 11:33am, by David Cassel How WebAssembly plugins simplify Kubernetes extensibility Mar 3rd 2026 2:00pm, by B. Cameron Gain WebAssembly is everywhere. Here's how it works Feb 25th 2026 11:00am, by Jessica Wachtel Wasm vs. JavaScript: Who wins at a million rows? Feb 22nd 2026 6:00am, by Jessica Wachtel How WebAssembly and Web Workers prevent UI freezes Feb 7th 2026 9:00am, by Jessica Wachtel WebAssembly vs. JavaScript: Testing Side-by-Side Performance Jan 20th 2026 9:00am, by Jessica Wachtel AI Operations CI/CD Cloud Services DevOps Kubernetes Observability Operations Platform Engineering The AI blind spot debt: the hidden cost killing your innovation strategy Mar 17th 2026 7:00am, by Yuval Fernbach Why AI workloads are breaking traditional Kubernetes observability strategies Mar 16th 2026 7:04am, by TNS Staff A practical guide to the 6 categories of AI cloud infrastructure in 2026 Mar 15th 2026 5:00am, by Janakiram MSV Before you let AI agents loose, you’d better know what they’re capable of Mar 12th 2026 1:22pm, by Charles Humble Why AI-driven operations are pushing governance beyond a compliance issue and into an operational priority Mar 12th 2026 9:21am, by João Freitas This simple infrastructure gap is holding back AI productivity Feb 22nd 2026 8:00am, by Charlotte Fleming Ramp’s Inspect shows closed-loop AI agents are software’s future Jan 29th 2026 11:00am, by Arjun Iyer QCon chat: Is agentic AI killing continuous integration? Jan 27th 2026 6:00am, by Joab Jackson Async Rust: Pinning demystified Jan 26th 2026 11:00am, by Anshul Gupta A security checklist for your React and Next.js apps Jan 26th 2026 7:00am, by Crystal Morin A practical guide to the 6 categories of AI cloud infrastructure in 2026 Mar 15th 2026 5:00am, by Janakiram MSV Runpod report: Qwen has overtaken Meta's Llama as the most-deployed self-hosted LLM Mar 12th 2026 6:00am, by Adrian Bridgwater Snowflake Cortex Code CLI adds dbt and Apache Airflow support for AI-powered data pipelines Mar 8th 2026 6:00am, by Jelani Harper Databases weren’t built for agent sprawl – SurrealDB wants to fix it Feb 24th 2026 2:07pm, by Paul Sawers Rising identity complexity: How CISOs can prevent it from becoming an attacker’s roadmap Feb 19th 2026 12:47pm, by Jay Reddy One developer, team power: The future of AI-driven DevSecOps Mar 5th 2026 2:29pm, by Bryan Ross Observability platform migration guide: Prometheus, OpenTelemetry, and Fluent Bit Feb 26th 2026 7:28am, by Katie Greenley Most platform teams build products, but they don’t know it Feb 24th 2026 9:00am, by Oleg Danilyuk Why "automated" infrastructure might cost more than you think Feb 24th 2026 4:00am, by Justyn Roberts The essential shift every ITOps leader must make to survive an unrelenting stream of incidents Feb 19th 2026 1:46pm, by Ariel Russo What is KubeVirt and why it’s growing Mar 17th 2026 9:00am, by Tiago Castro From monolith to global mesh: How Uber standardized ML at scale Mar 17th 2026 4:00am, by Eric Wang and Ying Zheng Why AI workloads are breaking traditional Kubernetes observability strategies Mar 16th 2026 7:04am, by TNS Staff Why is your Kubernetes cluster adding nodes when the dashboards look fine? Mar 8th 2026 8:10am, by Yasmin Rajabi Cloud repatriation is hard. Here's how to build a self-service developer platform that works. Mar 4th 2026 9:14am, by TNS Staff Why agentic AI stalls in production — and how a control plane fixes it Mar 17th 2026 6:00am, by TNS Staff Why AI workloads are breaking traditional Kubernetes observability strategies Mar 16th 2026 7:04am, by TNS Staff "Self-healing" IT? HPE research explores how AI-trained models can catch silent infrastructure failures Mar 11th 2026 9:37am, by Jennifer Riggins Netdata is a seriously impressive server monitoring tool Feb 26th 2026 10:00am, by Jack Wallen Observability platform migration guide: Prometheus, OpenTelemetry, and Fluent Bit Feb 26th 2026 7:28am, by Katie Greenley Managed OpenClaw bids to kill hidden token tax on AI agents Mar 17th 2026 6:00am, by Adrian Bridgwater Why AI systems are failing in familiar ways Mar 14th 2026 1:00pm, by Steve Fenton Andrej Karpathy's 630-line Python script ran 50 experiments overnight without any human input Mar 14th 2026 5:00am, by Janakiram MSV "Self-healing" IT? HPE research explores how AI-trained models can catch silent infrastructure failures Mar 11th 2026 9:37am, by Jennifer Riggins Cursor builds always-on agents to tackle developer task tedium Mar 9th 2026 8:05am, by Adrian Bridgwater From monolith to global mesh: How Uber standardized ML at scale Mar 17th 2026 4:00am, by Eric Wang and Ying Zheng Why enterprise software development needs air traffic control Mar 4th 2026 2:35pm, by Emilio Salvador Why traditional ITOps is failing to keep up with the unique nature of AI incidents Mar 4th 2026 10:00am, by Kat Gaines Cloud repatriation is hard. Here's how to build a self-service developer platform that works. Mar 4th 2026 9:14am, by TNS Staff Why your DIY Kubernetes stack won't survive the era of agentic AI Feb 26th 2026 4:00am, by Oren Penso C++ Developer tools Go Java JavaScript Programming Languages Python Rust TypeScript Open source USearch library jumpstarts ScyllaDB vector search Feb 5th 2026 12:00pm, by Jelani Harper AWS WAF vs. Google Cloud Armor: A Multicloud Security Showdown Nov 25th 2025 10:00am, by Advait Patel Goodbye Dashboards: Agents Deliver Answers, Not Just Reports Nov 23rd 2025 9:00am, by Ketan Karkhanis Rust vs. C++: a Modern Take on Performance and Safety Oct 22nd 2025 2:00pm, by Zziwa Raymond Ian Building a Real-Time System Monitor in Rust Terminal Oct 15th 2025 7:05am, by Tinega Onchari Cursor built a fleet of security agents to solve a familiar frustration Mar 16th 2026 11:17am, by Frederic Lardinois Microsoft's VS Code team moved to weekly releases after 10 years of monthly — and credits AI for making it possible Mar 11th 2026 10:38am, by Darryl K. Taft JetBrains names the debt AI agents leave behind Mar 11th 2026 9:57am, by Darryl K. Taft Cursor builds always-on agents to tackle developer task tedium Mar 9th 2026 8:05am, by Adrian Bridgwater IT-Tools brings many useful developer tools into one convenient location Mar 6th 2026 12:00pm, by Jack Wallen Go Experts: 'I Don't Want to Maintain AI-Generated Code' Sep 28th 2025 6:00am, by David Cassel How To Run Kubernetes Commands in Go: Steps and Best Practices Jun 27th 2025 8:00am, by Sunny Yadav Prepare Your Mac for Go Development Apr 12th 2025 7:00am, by Damon M. Garn Pagoda: A Web Development Starter Kit for Go Programmers Mar 19th 2025 6:10am, by Loraine Lawson Microsoft TypeScript Devs Explain Why They Chose Go Over Rust, C# Mar 18th 2025 7:00am, by David Cassel 62% of enterprises now use Java to power AI apps Feb 10th 2026 12:58pm, by Darryl K. Taft BellSoft bets Java expertise can beat hardened container wave Jan 26th 2026 3:00pm, by Darryl K. Taft Java Developers Get Multiple Paths To Building AI Agents Dec 26th 2025 7:02am, by Darryl K. Taft Your Enterprise AI Strategy Must Start With Java, Not Python Dec 22nd 2025 1:00pm, by Michael Coté Why Bloomberg Chose Vendor-Neutral Java Over Big Tech Oct 2nd 2025 5:00pm, by Darryl K. Taft TypeScript 6.0 RC arrives as a bridge to a faster future Mar 14th 2026 9:00am, by Darryl K. Taft WebAssembly is everywhere. Here's how it works Feb 25th 2026 11:00am, by Jessica Wachtel Wasm vs. JavaScript: Who wins at a million rows? Feb 22nd 2026 6:00am, by Jessica Wachtel Arcjet reaches v1.0, promises stable security for JavaScript apps Feb 14th 2026 7:00am, by Darryl K. Taft How WebAssembly and Web Workers prevent UI freezes Feb 7th 2026 9:00am, by Jessica Wachtel TypeScript 6.0 RC arrives as a bridge to a faster future Mar 14th 2026 9:00am, by Darryl K. Taft Nearly half of all companies now use Rust in production, survey finds Mar 6th 2026 10:45am, by Darryl K. Taft Statistical language R is making a comeback against Python Feb 12th 2026 2:57pm, by Darryl K. Taft 62% of enterprises now use Java to power AI apps Feb 10th 2026 12:58pm, by Darryl K. Taft Memory-Safe Jule language emerges as C/C++ alternative Feb 7th 2026 8:00am, by Darryl K. Taft Python virtual environments: isolation without the chaos Feb 16th 2026 7:00am, by Jessica Wachtel Statistical language R is making a comeback against Python Feb 12th 2026 2:57pm, by Darryl K. Taft Arcjet's Python SDK Embeds Security in Code Jan 16th 2026 2:00pm, by Darryl K. Taft 2025: The Year of the Return of the Ada Programming Language? Jan 14th 2026 4:00pm, by Darryl K. Taft Experts Hail Anthropic's $1.5M Python Security Commitment Jan 14th 2026 3:00pm, by Darryl K. Taft Nearly half of all companies now use Rust in production, survey finds Mar 6th 2026 10:45am, by Darryl K. Taft Wasm vs. JavaScript: Who wins at a million rows? Feb 22nd 2026 6:00am, by Jessica Wachtel Open source USearch library jumpstarts ScyllaDB vector search Feb 5th 2026 12:00pm, by Jelani Harper The 'weird' things that happened when Clickhouse replaced C++ with Rust Feb 4th 2026 7:26am, by B. Cameron Gain Async Rust: Pinning demystified Jan 26th 2026 11:00am, by Anshul Gupta TypeScript 6.0 RC arrives as a bridge to a faster future Mar 14th 2026 9:00am, by Darryl K. Taft Mastra empowers web devs to build AI agents in TypeScript Jan 28th 2026 11:00am, by Loraine Lawson Inferno Vet Creates Frontend Framework Built With AI in Mind Dec 10th 2025 11:00am, by Loraine Lawson JavaScript Utility Library Lodash Changing Governance Model Nov 1st 2025 7:00am, by Loraine Lawson Microsoft TypeScript Devs Explain Why They Chose Go Over Rust, C# Mar 18th 2025 7:00am, by David Cassel 2026-03-17 13:04:28 Chainguard thinks most DevOps teams are solving container security the hard way Containers / Linux / Open Source / Security Chainguard thinks most DevOps teams are solving container security the hard way The new Chainguard OS Packages gives engineering teams 30,000 zero-CVE packages to build custom Linux container images with automated rebuilds and SBOM support. Mar 17th, 2026 1:04pm by Steven J. Vaughan-Nichols Chainguard CEO Dan Lorenc on Tuesday in New York City. Lorenc says that the bottleneck in modern software isn’t generating code anymore; it’s trust. (Photo: The New Stack ) Chainguard OS is great, but what if you want to customize your own Linux? Now, with the Chainguard OS Package, you can build a safe, secure Linux with the features you want. Almost every company tweaks the Linux distro they use to get it just right. The problem is, as developer security company Chainguard VP of Engineering Dustin Kirkland told The New Stack on Tuesday at Chainguard Assemble in New York, “Anyone who’s building a derivative distro can only go as fast as their base distro — Debian, Fedora, Alpine — can go,” and that means they can contain Common Vulnerabilities and Exposures (CVE) security holes. Chainguard has a better idea: Chainguard OS Packages . Built on Chainguard OS, the company’s constantly updated-to-stay-secure distro, Packages enables advanced engineering teams to assemble their own container images, without the grind of tracking and fixing CVEs themselves.​ The new Chainguard OS Packages use the same zero‑known‑CVE packages and secure base images that underpin every Chainguard Container . The Packages are all built from source and maintained in the company’s automated Chainguard Factory 2.0 . Packages give customers direct access to the underlying components, allowing them to compose images using their own Dockerfiles , Bazel rules, or apko configs.​ For users, that means instead of inheriting whatever a generic base includes, your team can explicitly choose the features, dependencies, and upgrade cadence of their production images. At the same time, Chainguard handles rebuilding, CVE remediation, and compliance work in the background.​ Fast and secure? What’s not to like? In his keynote speech, Chainguard CEO and co-founder Dan Lorenc said, “Chainguard OS Packages is like receiving a professional meal kit from a Michelin‑starred supplier. It’s for teams that don’t need the finished meal but want control over their recipe and look to us for trusted ingredients. Just as most chefs build a custom dish from trusted ingredients rather than growing every herb in their garden, Chainguard OS enables organizations to build custom container images from trusted packages without managing CVEs themselves. Customers keep full control of the final image while Chainguard handles sourcing and quality.”​ This amount of control is needed, Lorenc explains, because with AI, we’re moving from hand tools to power tools to industrialized software supply chains as AI accelerates both development and programming attacks. “We need to move to automated assembly lines, where security and compliance and trust are built in, and we need to do that quickly,” he told attendees. He warns that the traditional model of discovering a CVE, filing a ticket, and patching over 30‑, 60‑ or 90‑day windows “is going to go away quickly.”​ In short, if you want secure images and distros, you must move at the speed of AI. Lorenc was blunt: The bottleneck in modern software isn’t generating code anymore; it’s trust. In his keynote, he describes how AI is collapsing exploit development timelines from months to hours. AI’s sheer speed makes it impossible for defenders to rely on manual patch cycles. “The only way to keep up here is automation and starting with something secure by design,” he convincingly argued that hardened operating systems and automated rebuild pipelines are now table stakes.​ So Chainguard argues that as container security programs mature, many organizations outgrow simple base-image swaps and want tight control over exactly what runs in production. Historically, that has meant building and maintaining their own package repositories: watching upstream projects for releases, rebuilding packages, and tracking vulnerabilities. That’s a lot of work. With Packages, Chainguard says those same teams can get a DIY experience without handling all the heavy lifting. The company delivers more than 30,000 enterprise‑grade packages via a private APK repository, along with select base images, all of which are continuously rebuilt in its Factory pipeline. Each package includes SBOMs generated by Chainguard’s software factory, so you know exactly what you’re building in your custom images. Sounds good to you? Chainguard OS Packages is available now in beta, with access requests handled through the company’s website. TRENDING STORIES YOUTUBE.COM/THENEWSTACK Tech moves fast, don't miss an episode. Subscribe to our YouTube channel to stream all our podcasts, interviews, demos, and more. SUBSCRIBE Group Created with Sketch. Steven J. Vaughan-Nichols, aka sjvn, has been writing about technology and the business of technology since CP/M-80 was the cutting-edge PC operating system, 300bps was a fast internet connection, WordStar was the state-of-the-art word processor, and we liked it. Read more from Steven J. Vaughan-Nichols SHARE THIS STORY --> TRENDING STORIES SHARE THIS STORY --> TRENDING STORIES TNS DAILY NEWSLETTER Receive a free roundup of the most recent TNS articles in your inbox each day. SUBSCRIBE The New Stack does not sell your information or share it with unaffiliated third parties. By continuing, you agree to our Terms of Use and Privacy Policy .
← Back to stories