Plans & Pricing
Build software better with Chainguard
Hardened, secure, and production-ready builds of all the open source you rely on — so your teams can build faster, stay compliant, and eliminate risk.
Select a product
Chainguard Containers
Minimal, secure-by-design container images guarded under a CVE remediation SLA
indie hackers & vibe coders
Free Images
A select set of images that are free to test and deploy.
what's Included
- :latest tags only
Scoped Enterprise Deployments
Per Image
Licensed by number and type of images (base, app, AI/ML, and FIPS).
what's Included
- Contractual CVE SLA
- All upstream supported tags
wall-to-wall standardization
Catalog
Licensed by size of engineering organization.
what's Included
- Full access to 1,700+ images (and growing)
- Contractual CVE SLA
- Ability to request net new images
Chainguard Containers features
Features
Free Images
Per Image
Catalog
Container image access
~50 free images
Select access from the Chainguard Catalog
Full access to the Chainguard Catalog
Unlimited pulls with no metering
Continuously built from source in SLSA L2 hardened infrastructure with CVE patching
Sigstore signed artifacts with full build-time SBOMs and digital attestations
Build-time SBOMs, security advisory feeds, and broad scanner support
All upstream supported versions, including major and minor tags (i.e., Python 3.10-3.14)
~40 free images
Contractual CVE SLA (7 days for critical, 14 days for high/med/low)
Automated tooling (Custom Assembly) and access to 10K+ packages (Private APK Repo) to quickly and easily customize images
Access to STIG-hardened and FIPS-validated images
Updated end-of-life images for up to 6 months with EOL Grace Period
Console to manage images, entitlements, pull tokens, and more
Ability to request new images or packages at no cost
Chainguard Libraries
Malware-resistant, CVE-patched language libraries to combat supply chain attacks across Python, Java, and JavaScript
Licensed by ecosystem based on the number of developers using that language.
what's Included
- Unlimited applications per language ecosystem with no metering or rate limiting for pulls
- Backported patches for critical and high severity CVEs in popular language dependencies
- Cross-compatibility across Linux distros (ChainguardOS, RHEL, Debian, Ubuntu, and more)
Chainguard Libraries features
Features
Per Ecosystem
Language libraries access
Full access to language dependencies for subscribed ecosystems
Unlimited pulls with no metering
Full dependency tree continuously built from source in SLSA L2 hardened environment
Cross-compatibility across Linux distributions
Code signatures and build receipts for every artifact
Console to manage entitlements, pull tokens, and more
Ability to request new language libraries at no cost
Backported CVE patching
Currently Python only
Chainguard VMs
Minimal, secure-by-design virtual machine images for all deployments
Scoped Enterprise Deployments
Per Image
Licensed by number and type of images (base, app, and container host).
what's Included
- Contractual CVE SLA
- All upstream supported tags
wall-to-wall standardization
Catalog
Licensed by size of engineering organization.
what's Included
- Contractual CVE SLA
- All upstream supported tags
- Full access to Chainguard’s VM catalog, including newly added images over time
Chainguard VMs features
Features
Per Image
Catalog
Full access to the Chainguard Catalog
Select access to certain VMs
Virtual machine image access
Continuously built from source in SLSA L2 hardened infrastructure with CVE patching
CVE remediation SLA (7 days for critical, 14 days for high/med/low)
All upstream supported versions, including major and minor tags (i.e., Python 3.10-3.14)
Enterprise-grade support for multi-cloud and on-prem
Customization capabilities using Hashicorp Packer
Console to manage images, entitlements, pull tokens, and more