Background: The Growing Threat to Software Supply Chains
In recent years, software supply chain attacks have escalated dramatically. Attackers have increasingly targeted the open source components and CI/CD pipelines that underpin modern development. Notable incidents include the hijacking of tj-actions/changed-files on GitHub, where malicious commits leaked secrets from over 23,000 repositories, and the upload of malicious skills to OpenClaw registries that infected developer machines with Atomic macOS Stealer. These events underscore the urgent need for automated, continuous hardening of every artifact that enters the software supply chain.
Traditional security approaches have relied on manual reviews, periodic scans, and event-driven scripts that often break or become outdated. Recognizing this gap, Chainguard has unveiled the second generation of its platform—Factory 2.0—designed to automate the reconciliation and hardening of open source images, containers, libraries, and CI/CD actions. The platform was introduced at the Assemble conference in New York, marking a significant evolution in how organizations can secure their development workflows.
What Is Factory 2.0?
Factory 2.0 replaces the original platform's complex, event-driven automations with a more durable system that combines standard code with agentic reconciliation bots. Built on a revamped control plane enabled by artificial intelligence, the new platform uses a controller/reconciler model to orchestrate and continuously reconcile open source artifacts across containers, libraries, GitHub Actions, and agent skills. This model ensures that every component remains up to date, patched, and free from known vulnerabilities without fragile, throwaway scripts.
At the core of this architecture is the DriftlessAF agentic framework, an open source tool that continuously watches for drift between approved artifact versions and those actually in use. When a new patch or update is released upstream, DriftlessAF automatically reconciles the artifact without human intervention. This approach reduces the burden on security teams and ensures that hardening is applied proactively rather than reactively.
Hardened Catalogs: Chainguard Actions and Agent Skills
Two key components of Factory 2.0 are hardened catalogs for GitHub Actions and AI agent skills. Chainguard Actions provides a nonstop, continuously maintained catalog of more than 100 of the most popular GitHub Actions, sourced from the GitHub marketplace. These are not merely copies; Chainguard re-creates each action from source, inspects it for security issues, and hardens it by removing unsafe code or configurations. When upstream updates or new vulnerabilities emerge, the hardened versions are updated accordingly. This allows developers and AI agents to use trusted CI/CD workflows without worrying about supply chain risk.
According to a company representative, Chainguard Actions act as drop-in replacements for existing workflows. The tool detects potentially unsafe code and remediates it so that the version running in a customer's pipeline is far less likely to be compromised. This addresses the reality that CI/CD pipelines are among the most privileged systems in software development—they have write access to repositories, deployment credentials, signing keys, and full access to production infrastructure. Third-party workflows from unknown sources are a major vector for attacks, and Chainguard Actions eliminate that exposure.
Similarly, Chainguard Agent Skills is a catalog of continuously hardened, third-party AI agent skills. These skills are small, modular instruction sets that allow agents to perform tasks such as browser automation, PDF processing, SEO checking, web design, and code quality reviews. By using hardened skills, organizations can safely let AI agents execute actions without exposing them to malicious instructions. The skills are stored as simple markdown files that can be integrated into any agent framework.
The Guardener: Automated Migration and Maintenance
Another new offering is Chainguard Guardener, an AI agent that automates the migration and maintenance of trusted open source artifacts across both development and deployment workflows. The initial release of Guardener automatically converts legacy Dockerfiles into minimal, zero-CVE Chainguard container images. Future updates will extend this capability to other configuration scripts. A product vice president described Guardener as an agent that will be placed in customer environments to enable more automated adoption of secure images.
The Guardener works alongside Chainguard Actions to create a fully automated secure supply chain. For example, a customer's existing Dockerfiles can be scanned, then automatically converted to Chainguard's hardened images. As new vulnerabilities are discovered, the Guardener reconciles the images to maintain security without manual effort.
Industry Perspective and Adoption
The automation provided by Factory 2.0 is seen as a key enabler for widespread adoption of secure software practices. One industry executive, the CISO of a large IT services firm, noted that current adoption of hardened images is very manual—developers must go to a library, download an image, and place it in their artifact repository. With Chainguard Actions and Guardener, this process can be tied back to Git repositories and automated entirely. The executive predicted that this automation will dramatically increase adoption rates.
The platform's design also addresses the challenge of scaling security across large organizations. As development teams increasingly rely on AI agents to write code, the risk of those agents pulling untrusted open source components grows. Factory 2.0 provides a trusted foundation that allows agents to move fast without taking on supply chain risk.
In summary, Chainguard Factory 2.0 represents a fundamental shift in supply chain security—from manual, periodic hardening to continuous, automated reconciliation. By combining a robust control plane with hardened catalogs and an AI-driven migration agent, the platform aims to make secure software supply chains the default, not an afterthought.
Source: Dark Reading News