Chainguard Unveils Factory 2.0 to Automate Hardening the Software Supply Chain

APPLICATION SECURITY CYBERSECURITY OPERATIONS CYBER RISK СLOUD SECURITY News, news analysis, and commentary on the latest trends in cybersecurity technology. Chainguard Unveils Factory 2.0 to Automate Hardening the Software Supply Chain The rebuilt Chainguard platform adds deeper security designed to continuously reconcile open-source artifacts across containers, libraries, Actions and skills. Jeffrey Schwartz,Contributing Writer April 3, 2026 4 Min Read SOURCE: IM_IMAGERY VIA SHUTTERSTOCK Chainguard unveiled Factory 2.0, the second generation of its platform for maintaining hardened open-source images and secure software artifacts, components, and images, at the Assemble conference in New York in March. The new framework replaces the original platform's traditional, complex, event-driven, rule-based automations with a more durable system that combines standard code and agentic reconciliation bots.  Built with a revamped AI-enabled framework, Factory 2.0's new control plane is designed to manage software pipelines using a controller/reconciler model to orchestrate and continuously reconcile open-source artifacts across containers, libraries, Actions, and skills, the company said. The open source DriftlessAF agentic framework is designed to keep approved open-source artifacts continuously updated and patched, rather than relying on delicate, throwaway scripts. The revamp is timely, as threat actors are developing new ways to spread malware into software supply chains. Just last year, attackers hijacked tj‑actions/changed-files, a popular GitHub Action on GitHub's Continuous Integration/Continuous Delivery (CI/CD) platform, and redirected GitHub Actions tags to a malicious commit. This resulted in a leak of secrets from over 23,000 repositories. More recently, adversaries uploaded malicious skills to OpenClaw registries that instructed coding agents to install the Atomic macOS Stealer on developers' machines. Related:Flaw-Finding AI Assistants Face Criticism for Speed, Accuracy Preview of Actions, Skills, and Guardener Chainguard Actions, a hardened catalog of GitHub Actions and similar CI/CD workflows built and continuously maintained in the Chainguard Factory, address those attack methods. CI/CD pipelines are considered the most privileged systems in the development and maintenance of software because they have write permissions in repositories, deployment credentials, signing keys, and access to an organization's entire production infrastructure. The pipelines are wide targets because the workflows that run within them are often not inspected and, in many cases, come from unknown third parties. Rather than letting developers or AI agents pull random GitHub Actions from third parties, Chainguard Actions provides a nonstop, hardened catalog of vetted workflows that Chainguard recreates from source and secures the restored workflows when upstream updates or new exploits appear. Chainguard Actions are designed to eliminate risk from configurations and malware in third-party actions, Dan Lorenc, Chainguard's co-founder and CEO, told attendees at the Assemble conference. Related:Automaker Secures the Supply Chain With Developer-Friendly Platform "These are secure by default, drop-in replacements of upstream GitHub Actions for your CI/CD pipelines," Lorenc said. "They let your developers and agents shift fast without taking on supply chain risk in the pipeline itself." The preview currently includes over 100 of the top actions from the GitHub marketplace, with dozens of hardened fixes that make them easier to use without worrying about security risks. Patrick Donahue, Chainguard's chief product officer, tells Dark Reading that the tool takes the actions as they exist and hardens them. "If you use an action today that logs into a particular system but it's got some potentially unsafe code, we will detect that and remediate that so the version you're running from us is much less likely to get compromised," Donahue explains.  Chainguard Agent Skills, a catalog of continuously hardened third-party AI agent skills that lets developers securely plug capabilities into AI agents, are small, modular instruction sets. "These are just markdown files, just instructions that you could have otherwise typed," Donahue says. "Imagine if you could tap all the experts in an industry and be able to ask them questions and do stuff for you. That's essentially what the skills do.” Related:AI Agents Undermine Progress in Browser Security Third-party skills are intended to enhance the capabilities of AI agents that perform specific tasks, such as browser automation (e.g., agents running in browsers), PDF processing, SEO checking, web design, and code quality reviews. Chainguard Guardener is an AI agent that automates the migration and maintenance of trusted open-source artifacts across both development and deployment workflows. The initial release automatically converts legacy Dockerfiles into minimal, zero-CVE Chainguard container images. Future updates will add that capability to other configuration scripts. "The Gardener is our agent that we're going to put in customer environments, to allow customers to use our images in a more automated way," says Ed Sawma, a Chainguard product VP. Adeel Saeed, Kyndryl's CISO, says that Chainguard Actions and Guardener, together, will automate the maintenance of secure images and agents. "Today, the adoption that we have is very manual because you go to the library, you download an image, and then you put it in your Artifactory,” Saeed says. "With the Actions piece, we can tie it back to the Git [open-source version control tool], while with the Gautener, we can tie it back to the whole Git repo, and automate that process. I think it will definitely help with adoption." About the Author Jeffrey Schwartz Contributing Writer Jeffrey Schwartz is a journalist who has covered information security and all forms of business and enterprise IT, including client computing, data center and cloud infrastructure, and application development for more than 30 years. Jeff is a regular contributor to Channel Futures. Previously, he was editor-in-chief of Redmond magazine and contributed to its sister titles Redmond Channel Partner, Application Development Trends, and Virtualization Review. Earlier, he held editorial roles with CommunicationsWeek, InternetWeek, and VARBusiness. Jeff is based in the New York City suburb of Long Island. Want more Dark Reading stories in your Google search results? ADD US NOW More Insights Industry Reports Frost Radar™: Non-human Identity Solutions 2026 CISO AI Risk Report Gartner IGA Voice of the Customer 2026 Cybersecurity Forecast 2026 The ROI of AI in Security Access More Research Webinars Building a Robust SOC in a Post-AI World Retail Security: Protecting Customer Data and Payment Systems Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need Securing Remote and Hybrid Work Forecast: Beyond the VPN AI-Powered Threat Detection: Beyond Traditional Security Models More Webinars You May Also Like APPLICATION SECURITY 'God-Like' Attack Machines: AI Agents Ignore Security Policies by Robert Lemos FEB 20, 2026 APPLICATION SECURITY OpenClaw AI Runs Wild in Business Environments by Robert Lemos, Contributing Writer JAN 30, 2026 APPLICATION SECURITY Trump Administration Rescinds Biden-Era Software Guidance by Alexander Culafi JAN 29, 2026 CYBERATTACKS & DATA BREACHES DeepSeek Breach Opens Floodgates to Dark Web by Emma Zaballos APR 22, 2025 Latest Articles in DR Technology ENDPOINT SECURITY CrowdStrike Next-Gen SIEM Can Now Ingest Microsoft Defender Telemetry APR 3, 2026 ENDPOINT SECURITY The Forgotten Endpoint: Security Risks of Dormant Devices MAR 31, 2026 CYBERSECURITY OPERATIONS AI Dominates RSAC Innovation Sandbox MAR 25, 2026 CYBERSECURITY OPERATIONS AI-Native Security Is a Must to Counter AI-Based Attacks MAR 25, 2026 Read More DR Technology Want more Dark Reading stories in your Google search results? BLACK HAT ASIA | MARINA BAY SANDS, SINGAPORE Experience cutting-edge cybersecurity insights in this four-day event featuring expert Briefings on the latest research, Arsenal tool demos, a vibrant Business Hall, networking opportunities, and more. Use code DARKREADING for a Free Business Pass or $200 off a Briefings Pass. GET YOUR PASS