Bip Sandiego


Chainguard Unveils Factory 2.0 to Automate Hardening the Software Supply Chain

May 21, 2026  Twila Rosenbaum

Chainguard has unveiled Factory 2.0, the second generation of its platform designed to maintain hardened open source images and secure software artifacts. The announcement came at the Assemble conference in New York in March. The new framework replaces the original platform's traditional, event-driven, rule-based automations with a more durable system that combines standard code and agentic reconciliation bots.

The rebuilt platform leverages an AI-enabled control plane that manages software pipelines using a controller/reconciler model. This orchestrates and continuously reconciles open source artifacts across containers, libraries, GitHub Actions, and agent skills. The open source DriftlessAF agentic framework keeps approved artifacts updated and patched without relying on throwaway scripts.

Key Facts

  • The platform introduces Chainguard Actions, a hardened catalog of GitHub Actions and CI/CD workflows built and maintained in Factory 2.0.
  • Chainguard Agent Skills offer a catalog of continuously hardened, third-party AI agent skills, providing small modular instruction sets.
  • Chainguard Guardener is an AI agent that automates migration and maintenance of trusted open source artifacts, converting legacy Dockerfiles into minimal, zero-CVE container images.
  • The revamp responds to recent supply chain attacks, including the hijacking of tj-actions/changed-files and malicious skills uploaded to OpenClaw registries.

CI/CD pipelines are considered the most privileged systems in software development because they have write permissions to repositories, deployment credentials, signing keys, and access to an organization's entire production infrastructure. They are broad targets because the workflows they run are often uninspected and come from unknown third parties. Rather than letting developers or AI agents pull random GitHub Actions, Chainguard Actions provides a continuously maintained, hardened catalog of vetted workflows that Chainguard re-creates from source and secures when upstream updates or exploits appear.

Dan Lorenc, Chainguard's co-founder and CEO, stated at the conference that these are secure-by-default, drop-in replacements for upstream GitHub Actions, allowing developers and agents to move fast without taking on supply chain risk. The preview currently includes over 100 of the top actions from the GitHub marketplace with dozens of hardened fixes.

Patrick Donahue, chief product officer, explained that the tool takes existing actions and hardens them, detecting and remediating unsafe code. For instance, if an action logs into a system with potentially unsafe code, Chainguard will fix it before it reaches the developer.

Chainguard Agent Skills are small, modular instruction sets that enhance AI agents for tasks like browser automation, PDF processing, SEO checking, web design, and code quality reviews. Donahue compared them to tapping all the experts in an industry to answer questions or perform tasks.

The Guardener agent automatically converts legacy Dockerfiles into minimal, zero-CVE Chainguard container images. Future updates will add capability for other configuration scripts. Ed Sawma, a product VP, said the Guardener will be placed in customer environments to allow more automated use of Chainguard images.

Adeel Saeed, Kyndryl's CISO, noted that Chainguard Actions and Guardener together will automate the maintenance of secure images and agents. He said adoption today is manual because users download images and put them in an Artifactory. With Actions and Guardener, the process ties back to Git repositories and automates the entire workflow, increasing adoption.

The revamp is timely as threat actors develop new ways to spread malware into software supply chains. Last year, attackers hijacked tj-actions/changed-files on GitHub's CI/CD platform, redirecting tags to a malicious commit and leaking secrets from over 23,000 repositories. More recently, adversaries uploaded malicious skills to OpenClaw registries that instructed coding agents to install the Atomic macOS Stealer on developers' machines.

Factory 2.0's architecture represents a shift from event-driven automations to a controller/reconciler model, which is more durable and scalable. The DriftlessAF framework ensures that approved open source artifacts are continuously updated, reducing the risk of configuration drift and vulnerabilities. By integrating AI-driven reconciliation, Chainguard aims to eliminate the fragility of manual scripts and traditional security tools.

The platform also addresses the challenge of third-party dependencies in CI/CD workflows. Many organizations unknowingly pull actions from unknown sources, exposing themselves to malware and misconfigurations. Chainguard Actions provide a trusted alternative that is continuously maintained and hardened. The team behind the platform includes engineers who have worked on open source security projects and contributed to major industry standards.

Chainguard's focus on open source security aligns with broader industry trends as software supply chain attacks become more sophisticated. Organizations are under pressure to secure their pipelines without slowing development. Factory 2.0 aims to balance speed and security by automating the hardening process. The controller/reconciler model is inspired by Kubernetes controllers, which continuously ensure desired states are maintained.

In addition to the new offerings, Chainguard is contributing to the open source community with DriftlessAF, which can be used by other organizations to build similar reconciliation bots. This move is expected to foster wider adoption of secure artifact management practices.

The announcement has drawn interest from security professionals and developers who see it as a step toward reducing the manual effort required to keep software supply chains secure. As attacks like the tj-actions incident and the Atomic macOS Stealer show, the attack surface is expanding rapidly, and automated solutions are becoming necessary.

Chainguard plans to expand the catalog of hardened actions and skills in the coming months, with support for more CI/CD platforms and agent frameworks. The Guardener agent will also gain the ability to handle other configuration scripts beyond Dockerfiles, further automating the migration to secure artifacts.


Source: Dark Reading News

