BIP Pennsylvania News


Chainguard Unveils Factory 2.0 to Automate Hardening the Software Supply Chain

May 13, 2026 | Twila Rosenbaum

Chainguard has unveiled Factory 2.0, the second generation of its platform for maintaining hardened open source images and secure software artifacts, components, and images. The announcement was made at the Assemble conference in New York in March. The new framework replaces the original platform's traditional, complex, event-driven, rule-based automations with a more durable system that combines standard code and agentic reconciliation bots.

Built with a revamped framework enabled by artificial intelligence, Factory 2.0's new control plane is designed to manage software pipelines using a controller/reconciler model to orchestrate and continuously reconcile open source artifacts across containers, libraries, GitHub Actions, and agent skills. The open source DriftlessAF agentic framework is used to keep approved open source artifacts continuously updated and patched, rather than relying on delicate, throwaway scripts.

The Evolving Threat Landscape

The revamp is timely, as threat actors continue to develop new ways of spreading malware into software supply chains. Last year, attackers hijacked tj-actions/changed-files, a popular GitHub Action on GitHub's continuous integration/continuous delivery (CI/CD) platform, and redirected GitHub Actions tags to a malicious commit. This resulted in a leak of secrets from over 23,000 repositories. More recently, adversaries uploaded malicious skills to OpenClaw registries that instructed coding agents to install the Atomic macOS Stealer on developers' machines.

CI/CD pipelines are considered the most privileged systems in the development and maintenance of software because they have write permissions in repositories, deployment credentials, signing keys, and access to an organization's entire production infrastructure. The pipelines are wide targets because the workflows that run within them are often not inspected and, in many cases, come from unknown third parties.

Preview of Actions, Skills, and Guardener

Chainguard Actions is a hardened catalog of GitHub Actions and similar CI/CD workflows built and continuously maintained in Chainguard Factory 2.0. Rather than letting developers or AI agents pull random GitHub Actions from third parties, Chainguard Actions provides a continuously available, hardened catalog of vetted workflows that Chainguard re-creates from source, securing the rebuilt workflows whenever upstream updates or new exploits appear. Chainguard Actions are designed to eliminate risk from configurations and malware in third-party actions.

Dan Lorenc, Chainguard's co-founder and CEO, said at the Assemble conference: "These are secure by default, drop-in replacements of upstream GitHub Actions for your CI/CD pipelines. They let your developers and agents shift fast without taking on supply chain risk in the pipeline itself."

The preview currently includes more than 100 of the top actions from the GitHub marketplace, with dozens of hardened fixes that make them easier to use without worrying about security risks. Patrick Donahue, Chainguard's chief product officer, explained that the tool takes the actions as they exist and hardens them. "If you use an action today that logs into a particular system but it's got some potentially unsafe code, we will detect that and remediate that so the version you're running from us is much less likely to get compromised," Donahue said.

Chainguard Agent Skills is a catalog of continuously hardened, third-party AI agent skills that lets developers securely plug capabilities into AI agents. These are small, modular instruction sets. "These are just markdown files, just instructions that you could have otherwise typed," Donahue said. "Imagine if you could tap all the experts in an industry and be able to ask them questions and do stuff for you. That's essentially what the skills do."

Third-party skills are intended to enhance the capabilities of AI agents that perform specific tasks, such as browser automation (e.g., agents running in browsers), PDF processing, SEO checking, Web design, and code quality reviews.

Chainguard Guardener is an AI agent that automates the migration and maintenance of trusted open source artifacts across both development and deployment workflows. The initial release automatically converts legacy Dockerfiles into minimal, zero-CVE Chainguard container images. Future updates will add that capability to other configuration scripts. Ed Sawma, a Chainguard product VP, said: "The Guardener is our agent that we're going to put in customer environments to allow customers to use our images in a more automated way."

Adeel Saeed, Kyndryl's CISO, said that Chainguard Actions and Guardener together will automate the maintenance of secure images and agents. "Today, the adoption that we have is very manual because you go to the library, you download an image, and then you put it in your Artifactory. With the Actions piece, we can tie it back to the Git [open source version control tool], while with the Guardener, we can tie it back to the whole Git repo, and automate that process. I think it will definitely help with adoption."

Background on Software Supply Chain Security

The software supply chain has become a prime target for attackers, with incidents such as the SolarWinds breach and the Log4j vulnerability highlighting the risks of dependencies and unvetted code. Many organizations struggle to maintain secure environments because they rely on thousands of open source components that are constantly updated, and manual patch management is impractical. Automated solutions that continuously reconcile and harden artifacts are increasingly seen as necessary to keep pace with the threat landscape.

Chainguard's original Factory was launched in response to these challenges, focusing on providing hardened container images and a curated set of open source packages. Factory 2.0 represents a significant shift toward an agentic approach, where AI-driven bots monitor and fix artifacts in real time, reducing the burden on security teams. The DriftlessAF framework is open source, allowing the community to contribute and audit the reconciliation logic.

Industry analysts have noted that the integration of AI into security operations is a growing trend. By leveraging AI agents like Guardener and continuously hardened skills, Chainguard aims to provide a proactive defense rather than a reactive one. The ability to automatically convert legacy Dockerfiles to minimal, secure images is particularly valuable for organizations with large existing infrastructures.

The release of Factory 2.0 also acknowledges the rise of AI agents in development workflows. As more companies adopt AI coding assistants, the risk of supply chain attacks through agent skills increases. Chainguard's Agent Skills catalog offers a curated alternative that reduces the chance of malware infiltration.

Broader Implications for Cybersecurity Operations

The announcement comes at a time when cybersecurity operations are under pressure to deliver secure software faster. DevSecOps practices emphasize integrating security into the development lifecycle, but many organizations still struggle with manual processes. Factory 2.0 aligns with the concept of "shift left" by automating security checks and updates at the point of use.

Chainguard's approach of rebuilding and hardening upstream actions rather than simply scanning them represents a shift from detection to prevention. This method ensures that even if an upstream action has a vulnerability, the hardened version is patched before it reaches developers. The same logic applies to container images, where zero-CVE images are provided as alternatives to standard distributions.

The Guardener agent is expected to learn from the environment and propose migrations to secure images, further reducing manual intervention. As AI agents become more capable, the line between automated tools and full-fledged security engineer functions will blur, but for now, human oversight remains critical. Chainguard has emphasized that Factory 2.0 is designed to augment security teams, not replace them.

The company also highlights that all components of Factory 2.0 are built on open source foundations, with the DriftlessAF framework available on GitHub. This transparency allows security researchers to verify the reconciliation logic and contribute improvements. The community aspect is crucial for building trust in the platform.

Looking ahead, Chainguard plans to expand the catalog of hardened actions and skills, integrate with more CI/CD platforms, and enhance the Guardener's capabilities. The goal is to create a self-sustaining ecosystem where software artifacts are continuously maintained without human intervention, freeing security teams to focus on more strategic initiatives.

As software supply chain attacks become more sophisticated, automated hardening platforms like Factory 2.0 will likely become standard tools for organizations that prioritize secure development. The combination of AI-driven reconciliation, hardened catalogs, and agent-based automation offers a new paradigm for managing open source risk at scale.


Source: Dark Reading News

