Chainguard Joins IBM PDE Factory to Advance Trusted Open Source Software for Public Sector Missions

Today, we’re excited to share that Chainguard is now included in IBM’s Product & Platform, Design, & Engineering (PDE) Factory — an open source-powered, secure software development platform designed to help government agencies and regulated enterprises modernize faster, while staying compliant and resilient against cyber threats today and in the future. Government customers using the PDE Factory can now take full advantage of Chainguard’s vulnerability-free container images, ensuring they develop the most secure solutions to meet any government security requirement.

Secure-by-default software, at the speed agencies demand

For every organization, striking the balance between speed and security is a given, but for federal agencies, the stakes are ten times higher. Not only must engineers build software and deliver solutions rapidly, but they also must navigate complex layers of compliance, legacy systems, and procurement policies. Many agencies still rely on legacy infrastructure that’s difficult to modernize, forcing teams to simultaneously bridge old and new architectures. At the same time, ensuring continuous auditability and supply chain transparency are non-negotiable. And the pressure could not be higher, as the slightest misstep or deployment delay could have irreversible ramifications for national security and public safety.

The IBM PDE Factory flips that model. Instead of starting from scratch, agencies receive a secure, policy-driven Secure Software Supply Chain Platform that’s ready to deploy in minutes or hours, rather than months. The PDE Factory is an IBM-led ecosystem designed specifically to help agencies modernize securely at scale. Think of the IBM PDE Factory like a “factory reset” for secure software: rather than reinventing the foundational plumbing for every new program or project (and risking errors, delays, and compliance gaps), you start from a policy-hardened baseline that aligns with the specific regulatory requirements for your specific needs.

Trusted by federal agencies from day one

Chainguard was founded on the idea that security should be built in, not bolted on, and our inclusion in the PDE Factory ensures that government organizations can live by this principle as well. Open source is the backbone of modern government software, but a single weak link can create a cascading risk across critical systems. Chainguard Containers eliminates that risk by providing a continuously updated catalog of more than 1,700 hardened images — including over 600 that are FIPS compliant — all rebuilt from source every day to ensure zero known vulnerabilities.

Instead of burning cycles patching CVEs and wrestling with compliance checklists, engineers working on federal programs and projects can rely on Chainguard’s secure-by-default containers to reduce attack surface, streamline FedRAMP and other requirements, and redirect their focus to building the mission-driven capabilities that matter most.

For instance, Ask Sage, one of the first GenAI platforms purpose-built for secure government environments, needed to meet strict compliance standards. With Chainguard, Ask Sage eliminated thousands of vulnerabilities upfront and reduced compliance workload by up to 40%, allowing them to achieve FedRAMP High and IL5 accreditation in record time — compressing a months-long, costly process into just weeks.

Expanding Chainguard’s collaboration with IBM

Our work with IBM goes beyond the PDE Factory. Chainguard and IBM are also announcing a joint marketing agreement to help bring Chainguard and the PDE Factory to market, including the development of joint solutions, pursuit of opportunities, and broad support for joint sales and marketing activities. This collaboration brings together two of the leading software supply solutions in the market, simplifying secure software development for federal agencies.

Looking to learn more?

With Chainguard, you’re not only shifting left, but starting left. Reach out today to our customer-obsessed team to schedule a demo and let us show you what the IBM PDE Factory and Chainguard can do for you.