Chainguard

Chainguard is a security-oriented software publisher whose single public-facing tool, Chainguard Control, addresses the narrow but critical need for command-line governance of cloud-native supply-chain assets. Written in Go and distributed as the chainctl binary, the utility exposes a declarative interface for enrolling container images, signing artifacts, and enforcing policy across Chainguard’s managed signing infrastructure. Typical use cases mirror the daily workflow of DevSecOps teams: rotating short-lived OIDC tokens that attest image provenance, querying the visibility graph of SBOMs and SLSA attestations, or batch-removing stale repository records when a product line is retired. Because chainctl talks directly to Chainguard’s control-plane API, it also surfaces runtime telemetry—vulnerability counts, signature age, policy violations—that security engineers feed into Grafana or Splunk dashboards for SOC-level alerting. The tool is lightweight, stateless, and fits neatly into CI/CD templates, so a single “chainctl image import” step can replace homemade shell scripts that once cobbled together cosign, regctl, and jq. While the publisher’s catalog is currently limited to this one CLI, its design philosophy—minimal surface, maximal cryptographic verifiability—signals where future offerings are likely to expand. Chainguard Control is available for free on get.nero.com, with downloads delivered through trusted Windows package sources such as winget, always pulling the latest release and supporting unattended batch installation alongside other utilities.