Chainguard provides hardened, zero-CVE container images (Chainguard Containers) that enable companies to achieve speed, security and scalability. Now, through a strategic partnership between Azul and Chainguard, Chainguard will build from source Java container images that incorporate Azul’s commercially supported build of OpenJDK that’s part of Azul Platform Core. This integration enables enterprises to continue to use and receive support for Azul for their Java runtimes in Chainguard hardened containers.
In an ideal world, container security and business innovation would work together and each line of code would make software safer. Most development, infrastructure, and security teams would say you should strive for speed, security, and scalability… but you can’t have all three. Chainguard provides hardened, zero-CVE container images (Chainguard Containers) that enable companies to achieve all three things.
Azul and Chainguard have announced a strategic partnership that enables Chainguard to bring their containers to market with:
- Azul Platform Core support services
- Azul’s commercial Zulu Builds of OpenJDK for Java 21 (built and TCK-tested by Chainguard from Azul source code)
- Images will contain both Azul’s CPU (security-only) and PSU JDKs
The combined container image will help engineering and security teams eliminate common vulnerabilities and exposures (CVEs), improve software development velocity, and ensure timely access to updated and secure Java runtimes backed by Azul’s world-class commercial services.
The need for Java container security
Modern enterprises face growing complexity and risk in securing every layer of their software stack, from the operating system to the Java runtime. Engineering and security teams struggle to keep up with constant vulnerability disclosures, inconsistent patching timelines, and the need to harden containers without sacrificing speed or developer productivity. These challenges are especially acute for Java workloads requiring timely updates, commercial support, and secure, lightweight deployment environments.
A 2024 study by software supply chain security company NetRise found that the average container contains 604 known vulnerabilities in its underlying software components, with over 45% being more than 2 years old. This accumulation of outdated vulnerabilities poses a significant risk to organizations relying on containerized applications. IT teams feel the burden too. In Azul’s 2025 State of Java Survey & Report, 33% of participants said that their DevOps teams waste more than half their time addressing false positives from Java-related security vulnerabilities.
Securing the software development lifecycle requires locking down all layers of the stack, from the OS to the runtime environment and language toolchain. While Chainguard Containers help organizations secure their OS and application runtime environment, enterprises also need access to commercial Java support services and timely access to Java updates and runtime binaries to ensure service security and reliability.
Improving our customers’ Java container security
Chainguard already builds all the components in its “hardened” Java containers from source code on a nightly basis to ensure they are always up-to-date and secure. With this strategic partnership, Azul will collaborate with Chainguard engineers on a quarterly basis (or more often if Azul releases an out-of-cycle update) to ensure that their build process produces TCK-compliant runtimes from Azul source code with the highest quality and smallest number of vulnerabilities.
By using a commercially supported Azul Zulu Build of Open JDK inside the Chainguard Container, Azul Platform Core customers can continue to use and deploy the same commercially supported JVM. The Azul images are the only JDK that Chainguard containers use that come with commercial Java support services.
What is a hardened container?
A hardened container omits unnecessary components and patches known vulnerabilities to be both minimal and secure. Its minimalism reduces its attack surface and vulnerability landscape. Chainguard Containers contain only essential software required to run an application, such as its runtime dependencies – minus package managers, utilities, and shells. Benefits of hardened containers include:
- Reduces CVEs (Common Vulnerabilities and Exposures)
- Helps pass compliance standards (e.g., PCI-DSS, HIPAA, FedRAMP)
- Limits damage if a container is compromised
- Supports Zero Trust and secure supply chain models
Superior Azul support
Azul’s support team of Java-only engineers – the largest in the world – averages 20+ years of experience and boasts a 100% customer satisfaction rating. Chainguard Containers for Azul Platform Core customers on Java version 21 and beyond will include support, including the next long-term support release, Java 25, due for release later this year. Customers consuming these new Azul Java container images via Chainguard Containers will receive commercial Java support services through the Azul Platform Core offering.
