Chainguard Console on

Subscribing to Chainguard CloudEvents

Thu, 24 Apr 2025 15:22:20 +0100

Chainguard implements CloudEvents, a specification for a standard format for events data. This means developers can use events (generated based on interactions with Chainguard resources) to initiate processes and thus automate certain actions. For example, you could set up infrastructure to listen for push events to an organization’s private registry and mirror any new Chainguard Containers in the registry to a third-party repository.

This article includes an example of how to use chainctl to create an event subscription. It also includes details on how to validate events from Chainguard and highlights some potential use cases for them. This article is primarily focused on Registry push and pull events. Push events occur when an image in your entitlement is added or updated. Pull events occur when an image is pulled from your Chainguard repository. Be aware, though, that there are also events related to IAM, such as user creation and adding identity providers.

Create Role-bindings for a GitHub Team Using Terraform

Sat, 10 Jun 2023 08:48:45 +0000

There may be cases where an organization will want multiple users to have access to the same Chainguard organization. Chainguard allows you to grant other users access to Chainguard by generating an invite link or code.

In addition, you can now grant access to users using Terraform and identity providers like GitHub, GitLab, and Google. You can also manage access through these providers’ existing group structures, like GitHub Teams or GitLab Groups. Granting access through Terraform helps to reduce the risk of unwanted users gaining access to Chainguard.

How to Manage Chainguard IAM Organizations

Fri, 15 Jul 2022 15:22:20 +0100

Chainguard provides a rich Identity and Access Management (IAM) model similar to those used by AWS and GCP. This guide outlines how to manage Chainguard’s IAM structures with the chainctl command line tool.

Note: You should work with Chainguard’s Customer Success team to create or delete organizations. This will help to ensure that no users lose access to resources and that your IAM structure is configured correctly.

Logging in

To authenticate into the Chainguard platform, run the following login command.

Requesting New Chainguard Resources

Thu, 26 Feb 2026 11:07:52 +0200

The Chainguard Console includes the Requests section where customers can submit and track requests for resources that Chainguard doesn’t currently offer. This improves transparency around which technologies Chainguard is working to build and helps minimize duplicate build requests.

This guide provides an overview of how to submit a request for a new resource to Chainguard, as well as the limitations on what resources can be built.

Note: The Requests section is in beta.

Mirror new Containers to Google Artifact Registry with Chainguard CloudEvents

Fri, 24 May 2024 15:22:20 +0100

Certain interactions with Chainguard resources will emit CloudEvents that you or an application can subscribe to. This allows you to do things like receive alerts when a user downloads one or more of your organization’s private container images or when a new image gets added to your organization’s registry.

This tutorial is meant to serve as a companion to the Image Copy GCP example application. It will guide you through setting up infrastructure to listen for push events on an organization’s private registry and mirror any new Chainguard Containers in the registry to a repository in a GCP Artifact Registry repository.

Verified Organizations

Tue, 15 Aug 2023 14:22:23 -0700

Resources on the Chainguard platform are organized in a hierarchical structure called IAM Organizations. Single customers or organizations typically use a single root-level Organization to manage their Chainguard resources.

Organizations can optionally be verified. Verification modifies some aspects of the Chainguard platform user experience to help large organizations guide their user base to the correct resources.

Verifying your Organization

Verification is currently a manual process. To verify your organization, please contact your customer support contact. You can check if your organization is verified using chainctl.

Compare chainctl usage with the Chainguard Console

Mon, 02 Jun 2025 11:07:52 +0200

Chainguard provides two powerful interfaces for managing container security resources: the web-based Console for visual exploration and the chainctl CLI for automation and scripting. Understanding when to use each tool maximizes your efficiency in managing Chainguard’s security-hardened containers and access controls.

Prerequisites

To access the Chainguard Console you need to create an account and sign in. The Console is accessible to everyone, including users who aren’t Chainguard customers.

Chainguard API v2 Tutorial

Mon, 30 Mar 2026 08:49:31 +0000

Note: The Chainguard API v2 is in beta.

The v2 API introduces cursor-based pagination, server-side ordering, consistent resource patterns, and structured error responses across all endpoints.

This guide walks through the v2 API using real curl commands.

Note: The example output in this guide was captured from a development environment. Your organization’s resource names, UIDs, timestamps, and counts will differ. The response structure and field names are the same across all environments.

Authenticating with the Chainguard SDK

Wed, 04 Jun 2025 08:49:31 +0000

There are several ways for users to interact with the Chainguard platform, with chainctl (Chainguard’s command-line tool) and the Chainguard Console (Chainguard’s web interface) being the two most commonly-used methods. However, both of these require a human user to authenticate, and aren’t useful for working with Chainguard resources programmatically.

The Chainguard SDK serves to ease programmatic integration with the Chainguard platform. This guide highlights two examples from the SDK repository that show how to authenticate to the Chainguard registry using the chainguard.dev/sdk/auth and chainguard.dev/sdk/auth/ggcr packages. The first has you authenticate as a local user, while the second has you authenticate as an assumed identity.

Introduction to the Chainguard Terraform Provider

Sun, 28 Jan 2024 15:56:52 -0700

Terraform is an infrastructure as code tool that allows users to declaratively configure resources in cloud providers like AWS and GCP, SaaS platforms, and many other API-driven environments. Terraform providers are written by third-party developers to allow Terraform to manage resources in their environment.

The Chainguard Terraform provider enables users to manage resources on the Chainguard Platform, such as identities, role-bindings, custom roles, and more. This guide provides a brief introduction to the Chainguard Terraform provider, including how to configure it and use it to manage your Chainguard resources.