Chainguard's distroless images are an excellent starting point. They aren't the whole answer. Safeguard runs the same Griffin model lineup against your application, your transitive dependencies, your IaC, and whatever base image you ship, including Chainguard images. The two coexist; the gap is where the rest of the supply chain lives.
A direct read of where Chainguard sits and what Safeguard adds.
| Capability | Safeguard | Chainguard |
|---|---|---|
| Reachability analysis with call-graph | Yes | Image hardening focus |
| AI reasoning-model lineup (Griffin) | Yes | |
| Auto-fix PRs with cited reasoning trace | Yes | |
| 100-level deep transitive scan | Yes | |
| 11 integrated scanners with cross-scanner dedup | Yes | |
| EPSS + KEV exploit prioritisation | Yes | |
| Air-gapped deployment | Yes | Cloud-delivered images |
| MCP-server governance for AI in the SDLC | Yes | |
| AI-BOM generation | Yes | |
| CycloneDX + SPDX SBOM | Yes | Per image |
| Signed artefacts (sigstore / cosign) | Yes | Excellent here |
| Zero-day discovery (taint + LLM hypothesis) | Yes | |
| Full-application source-code coverage | Yes | Base image only |
| Low-CVE distroless base images | Use Chainguard images as input | Their core product |
An honest read of where Chainguard is the right call.
Chainguard's minimalist, distroless base images are genuinely best-in-class for what they do — strip the surface area down so there's less to patch in the first place. If your problem is "our base images carry too much," Chainguard solves it cleanly.
Chainguard ships signed images with strong provenance and attestation defaults out of the box. The supply-chain integrity story around their image artefacts is one of the cleanest in the industry — no argument there.
When a CVE drops in glibc, openssl, or a similarly load-bearing component, Chainguard turns around a patched base image quickly. For teams whose primary risk is the base image, that's real operational value.
Four concrete capabilities, each tied to a shipping feature.
Chainguard fixes the base image. Safeguard covers the rest: source code, dependencies 100 levels deep, IaC, build, CI/CD, and the resulting container. Your application can have a clean base and still ship a vulnerable function that's reachable from an HTTP entry point — Safeguard catches that.
Chainguard ships patched images. Safeguard ships patches for your code — Griffin drafts the PR, cites the reasoning trace, and proposes the regression tests. The lineup runs against whatever base image you ship, including Chainguard images, with no conflict.
Even on a Chainguard base, your application's transitive dependencies have CVEs. Safeguard's call-graph reachability tells you which ones reach a vulnerable code path, and the engine-plus-Griffin pipeline surfaces zero-days before they become CVEs.
Chainguard doesn't cover AI/ML supply chain or MCP-server governance. Safeguard treats AI models, prompts, and agent tool surfaces as first-class supply-chain components with their own SBOM, policy gates, and zero-day discovery.
Four steps. Keep your Chainguard images and add the rest of the supply chain.
1. We're not asking you to replace them; they're a sensible starting point. Pull your current image catalogue and your existing SBOMs.
2. One pass covers source + dependencies + IaC + the resulting container, on top of whatever base image you ship.
3. Base-image CVEs on one side; application-layer reachable CVEs and zero-day candidates on the other. The gap is where the rest of the supply chain lives.
4. Chainguard images stay as the input; Safeguard policy gates and Griffin auto-fix run across the full application supply chain. The two coexist cleanly.