Chainguard Launches FIPS-Validated Zero-CVE EKS Add-ons on AWS Marketplace

New updates have been reported about Chainguard.

Chainguard has expanded its commercial footprint on AWS by launching five hardened Amazon EKS add-ons in AWS Marketplace, positioning itself as the only third-party provider offering zero-known-CVE, FIPS 140-3 validated add-on images for enterprises that manage their own EKS add-on lifecycle. The offering targets highly regulated customers pursuing FedRAMP, HIPAA, PCI-DSS and other compliance regimes, enabling them to deploy compliant Kubernetes infrastructure using AWS-native procurement and workflows while preserving granular control over core components.

The initial portfolio covers kube-proxy, CoreDNS, VPC CNI, EBS CSI and EFS CSI, effectively addressing the core networking, storage and DNS functions of an EKS cluster with pre-hardened, FIPS-validated container images. By plugging into existing EKS environments without requiring a migration to fully managed modes, Chainguard reduces the need for in-house custom hardening and ongoing maintenance, which has been a key operational burden for security and platform teams seeking compliance-ready images.

Strategically, this move leverages Chainguard’s broader catalog of more than 2,300 minimal, continuously rebuilt container images that ship with zero known CVEs, software bills of materials (SBOMs) and verifiable signatures, reinforcing its positioning as a security-first supplier of open source components. The company is directly addressing a threat landscape where AI-driven vulnerability discovery and nation-state activity are increasing pressure on software supply chains, particularly in public sector and heavily regulated verticals that run EKS at scale.

Chainguard’s Senior Vice President of Product, Patrick Donahue, framed the launch as eliminating the historical tradeoff between bespoke, internally hardened images and fully managed infrastructure, arguing that customers can now meet stringent FIPS requirements without slowing developer delivery. For Chainguard, embedding its hardened images into AWS Marketplace procurement flows deepens alignment with AWS, potentially increasing recurring revenue from large enterprises that standardize on these add-ons as part of their compliance architecture.

The availability of these EKS add-ons also creates a clear upsell path into Chainguard’s wider container image portfolio, as customers looking to reduce their attack surface can expand adoption beyond cluster infrastructure components. Longer term, if regulators continue to tighten requirements around cryptographic modules and software supply chain transparency, Chainguard’s FIPS-validated, zero-CVE positioning within AWS Marketplace could become a competitive differentiator in winning large, compliance-sensitive accounts.

Security and platform leaders evaluating Kubernetes risk can now procure Chainguard’s EKS add-ons directly through AWS Marketplace, integrate them into existing node groups, and align compliance, developer productivity and operational control. The launch reinforces Chainguard’s strategy of being the default trusted source for production-grade open source software in cloud-native environments, while giving AWS-centric customers a lower-friction route to hardening critical infrastructure components at scale.