Chainguard hardens the base image. Safeguard covers the rest of the supply chain.
Chainguard's distroless images are an excellent starting point. They aren't the whole answer. Safeguard runs the same Griffin model lineup against your application, your transitive dependencies, your IaC, and whatever base image you ship — including Chainguard images. The two coexist, the gap is where the rest of the supply chain lives.
At a glance. Capability matrix.
A direct read of where Chainguard sits and where Safeguard adds.
| Capability | Safeguard | Chainguard |
|---|---|---|
| Reachability analysis with call-graph | Image hardening focus | |
| AI reasoning-model lineup (Griffin) | ||
| Auto-fix PRs with cited reasoning trace | ||
| Deep transitive dependency analysis | ||
| 11 integrated scanners with cross-scanner dedup | ||
| EPSS + KEV exploit prioritisation | ||
| Air-gapped deployment | Cloud-delivered images | |
| MCP-server governance for AI in the SDLC | ||
| AI-BOM generation | ||
| CycloneDX + SPDX SBOM | Per image | |
| Signed artefacts (sigstore / cosign) | Excellent here | |
| Zero-day discovery (taint + LLM hypothesis) | ||
| Full-application source-code coverage | Base image only | |
| Minimal near-zero-CVE container images | Use Chainguard images as input | Their core product |
| In-house multi-variant security LLM lineup (7 models) | Griffin 5 variants + Eagle + Lion | |
| Long-context attention architecture (MoE in largest tier) | Aegis attention | |
| Security-only training corpus (no customer code, no web crawl) | ||
| Security-augmented tokeniser | ||
| Structured reasoning trace as first-class output | ||
| Adversarial disproof pass on every finding | ||
| Auto-router across model variants by triage score | ||
| Inline on-device model (sub-100ms p95) | ||
| Cross-package taint chain reasoning (12+ hops) | No app-code analysis | |
| Multi-finding correlation in a single reasoning pass | ||
| Local AI coding agent (Safeguard Code) | ||
| MCP Server with capability scoping + egress guardrails | ||
| AI-BOM | ||
| Coordinated disclosure pipeline (patch + maintainer tests + draft) | Strong image patch cadence | |
| Public threat intelligence feed (RSS / JSON / STIX) | Advisories, no machine feed | |
| Published security research with coordinated disclosure | Sigstore + image advisories | |
| Bug bounty programme for the platform itself | ||
| Sovereign + air-gapped deployment with full 671B-MoE model | Full Griffin Zero in air gap | Cloud-delivered images |
| Publicly published Constitutions (Security / AI / Human Values) | ||
| Public product roadmap | ||
| Public training & certification programme | Docs, no formal cert track | |
| Customer-verifiable model provenance bundle | ||
| Five documented model deployment shapes | ||
| Customer-controlled audit log export (JSON + CycloneDX) | Per-image SBOM export | |
| Sandbox tenant for self-serve evaluation | Free image catalogue |
Where Chainguard genuinely leads.
Honest read of where Chainguard is the right call.
Minimal, continuously-rebuilt near-zero-CVE images
Chainguard's minimalist, continuously-rebuilt container images are genuinely best-in-class for what they do — strip the surface area down so there's less to patch in the first place. Their newer Chainguard Libraries extend that hardened, rebuilt-from-source approach to language dependencies. If your problem is "our base images and runtimes carry too much," Chainguard solves it cleanly.
Strong signing and provenance posture
Chainguard ships signed images with strong provenance and attestation defaults out of the box. The supply-chain integrity story around their image artefacts is one of the cleanest in the industry — no argument there.
Fast CVE patch cadence on the images they maintain
When a CVE drops in glibc, openssl, or a similarly load-bearing component, Chainguard turns around a patched base image quickly. For teams whose primary risk is the base image, that's real operational value.
Credible disclosure and image-advisory pipeline
Chainguard's ties to Sigstore and the consistency of their image advisories earn a check on the published-research and coordinated-disclosure rows. It is image-scoped rather than application-scoped, but within that scope the operation is genuinely well-run.
Where Safeguard leads.
Four concrete capabilities, each tied to a shipping feature.
Image hardening is one part of the problem
Chainguard fixes the base image. Safeguard covers the rest: source code, dependencies with deep transitive dependency analysis, IaC, build, CI/CD, and the resulting container. Your application can have a clean base and still ship a vulnerable function that's reachable from an HTTP entry point — Safeguard catches that.
Griffin reasoning for app-code CVEs
Chainguard ships patched images. Safeguard ships patches for your code — Griffin drafts the PR, cites the reasoning trace, and proposes the regression tests. The lineup runs against whatever base image you ship, including Chainguard images, with no conflict.
Reachability + zero-day discovery on top
Even on a Chainguard base, your application's transitive dependencies have CVEs. Safeguard's call-graph reachability tells you which ones reach a vulnerable code path, and the engine-plus-Griffin pipeline surfaces zero-days before they become CVEs.
AI and MCP governance Chainguard doesn't ship
Chainguard doesn't cover AI/ML supply chain or MCP-server governance. Safeguard treats AI models, prompts, and agent tool surfaces as first-class supply-chain components with their own SBOM, policy gates, and zero-day discovery.
Migration path.
Four steps. Keep your Chainguard images and add the rest of the supply chain.
Keep your Chainguard base images
We're not asking you to replace them — they're a sensible starting point. Pull your current image catalogue and your existing SBOMs.
Run a Safeguard scan on the same images and the source behind them
One pass covers source + dependencies + IaC + the resulting container, on top of whatever base image you ship.
Diff the findings
Base-image CVEs on one side; application-layer reachable CVEs and zero-day candidates on the other. The gap is where the rest of the supply chain lives.
Cutover and keep both
Chainguard images stay as the input; Safeguard policy gates and Griffin auto-fix run across the full application supply chain. The two coexist cleanly.