Chainguard Unveils Factory 2.0 to Automate Hardening the Software Supply Chain

May 18, 2026  Twila Rosenbaum

April 3, 2026 -- Chainguard has announced the second generation of its platform for maintaining hardened open source software components, named Factory 2.0. Unveiled at the Assemble conference in New York in March, the new platform replaces the original system's traditional, complex, event-driven, rule-based automations with a more durable framework that combines standard code and agentic reconciliation bots.

Factory 2.0 is built on a revamped architecture enabled by artificial intelligence (AI). The new control plane uses a controller/reconciler model to orchestrate and continuously reconcile open source artifacts across containers, libraries, GitHub Actions, and agent skills. The underlying open source DriftlessAF agentic framework is designed to keep approved artifacts continuously updated and patched, moving away from fragile, throwaway scripts.

Background: Growing Supply Chain Threats

The timing of this revamp is critical as threat actors continue to evolve methods for spreading malware through software supply chains. In the past year alone, attackers hijacked the popular GitHub Action tj-actions/changed-files, redirecting tags to a malicious commit and leaking secrets from over 23,000 repositories. More recently, adversaries uploaded malicious skills to OpenClaw registries that instructed coding agents to install the Atomic macOS Stealer on developers' machines. These incidents highlight the need for automated, continuous hardening of the components used in development pipelines.

CI/CD pipelines are among the most privileged systems in software development because they hold write permissions to repositories, deployment credentials, signing keys, and access to an organization's entire production infrastructure. They are attractive targets because the workflows running within them are often not inspected and frequently come from unknown third parties. Factory 2.0 directly addresses these risks by providing a hardened catalog of vetted workflows and artifacts.

Chainguard Actions: Hardened CI/CD Workflows

One of the key components of Factory 2.0 is Chainguard Actions, a hardened catalog of GitHub Actions and similar CI/CD workflows that are built and continuously maintained within the platform. Rather than allowing developers or AI agents to pull arbitrary actions from third parties, Chainguard Actions provides a continuously updated catalog of vetted workflows. Chainguard rebuilds each action from source and re-secures the rebuilt workflows whenever upstream updates or new exploits appear.

"These are secure by default, drop-in replacements of upstream GitHub Actions for your CI/CD pipelines," said Dan Lorenc, Chainguard's co-founder and CEO, at the conference. "They let your developers and agents shift fast without taking on supply chain risk in the pipeline itself."

The preview currently includes more than 100 of the top actions from the GitHub Marketplace, with dozens of hardened fixes that make them easier to use without worrying about security risks. Patrick Donahue, Chainguard's chief product officer, explained that the tool takes the actions as they exist and hardens them. "If you use an action today that logs into a particular system but it's got some potentially unsafe code, we will detect that and remediate that so the version you're running from us is much less likely to get compromised," he said.

Chainguard Agent Skills: Securing AI Agent Instructions

Factory 2.0 also introduces Chainguard Agent Skills, a catalog of continuously hardened, third-party AI agent skills. These skills are small, modular instruction sets that let developers securely plug capabilities into AI agents. "These are just markdown files, just instructions that you could have otherwise typed," Donahue said. "Imagine if you could tap all the experts in an industry and be able to ask them questions and do stuff for you. That's essentially what the skills do."

Third-party skills are intended to enhance AI agents that perform specific tasks such as browser automation, PDF processing, SEO checking, web design, and code quality reviews. By hardening these instructions and continuously updating them, Chainguard aims to prevent adversaries from injecting malicious instructions that could compromise developer machines or sensitive data.

Chainguard Guardener: Automated Migration Agent

Another major component is Chainguard Guardener, an AI agent that automates the migration and maintenance of trusted open source artifacts across both development and deployment workflows. The initial release automatically converts legacy Dockerfiles into minimal, zero-CVE Chainguard container images. Future updates will extend this capability to other configuration scripts.

"The Guardener is our agent that we're going to put in customer environments to allow customers to use our images in a more automated way," said Ed Sawma, a Chainguard product VP.

Adeel Saeed, CISO of Kyndryl, commented on the value of this automation. "Today, the adoption that we have is very manual because you go to the library, you download an image, and then you put it in your Artifactory," he said. "With the Actions piece, we can tie it back to the Git, while with the Guardener, we can tie it back to the whole Git repo, and automate that process. I think it will definitely help with adoption."

Architecture: Controller/Reconciler Model

Factory 2.0's architecture marks a significant shift from the original platform. Instead of relying on event-driven automations that required complex triggering rules, the new system employs a controller/reconciler model. This is a pattern commonly found in Kubernetes environments, where a controller continuously compares the actual state against the desired state and a reconciler takes action to bring the actual state into line with it. In this context, the platform continuously monitors open source artifacts and reconciles them against predefined security policies, automatically updating or patching them as needed.

The DriftlessAF framework, which powers this reconciliation, is open source. It uses agentic capabilities to detect drift in software components and take immediate corrective action. This approach eliminates the need for brittle scripts that often break or fail to cover all edge cases. By making the framework open source, Chainguard also invites community contributions and scrutiny, which can further enhance security.
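The difference between event-driven rules and reconciliation can be shown in a few lines. The sketch below is an added example of the generic controller/reconciler pattern, not DriftlessAF's API or Chainguard's code: every name, artifact, and digest in it is hypothetical and constructed. Each pass compares the approved state with the observed state and corrects drift, even when no event announced the change.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Action:
    kind: str          # "update" or "remove"
    name: str
    digest: str = ""

def diff(desired, actual):
    """Pure comparison: the actions needed to make `actual` match `desired`."""
    actions = []
    for name, digest in sorted(desired.items()):
        if actual.get(name) != digest:
            actions.append(Action("update", name, digest))
    # Anything present but not approved by policy is removed.
    for name in sorted(actual.keys() - desired.keys()):
        actions.append(Action("remove", name))
    return actions

def apply_action(actual, action):
    if action.kind == "update":
        actual[action.name] = action.digest
    else:
        actual.pop(action.name, None)

def reconcile(desired, actual):
    """One level-triggered pass: acts on current state, not on an event history."""
    actions = diff(desired, actual)
    for action in actions:
        apply_action(actual, action)
    return actions

def demo():
    # Constructed policy: artifact name -> approved digest (hypothetical values).
    desired = {"base-image": "sha256:aaa", "checkout-action": "sha256:bbb"}
    actual = {"base-image": "sha256:aaa",
              "checkout-action": "sha256:old",
              "stray-skill": "sha256:zzz"}
    first = reconcile(desired, actual)
    # Drift that no webhook or trigger reported; an event rule would miss it.
    actual["base-image"] = "sha256:tampered"
    second = reconcile(desired, actual)
    third = reconcile(desired, actual)   # already converged: no actions
    return first, second, third, actual == desired

if __name__ == "__main__":
    for step in demo():
        print(step)
```
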

Implications for Developers and Security Teams

The introduction of Factory 2.0 has broad implications for both developers and security operations. Developers can leverage hardened replacements for common GitHub Actions without needing deep security expertise, reducing the friction of adopting secure practices. Security teams gain visibility and control over the entire software supply chain, from container images to CI/CD workflows and AI agent skills.

The platform's ability to continuously reconcile artifacts means that security updates are applied automatically, reducing the window of exposure. This is particularly important given the rapid pace at which new vulnerabilities are discovered and exploited. With high-profile incidents like the tj-actions compromise and the OpenClaw malware attacks, the demand for automated supply chain security solutions is likely to grow.

Chainguard's move aligns with broader industry trends toward "secure by default" development tools. By integrating security directly into the development pipeline rather than relying on external scanning or manual checks, the platform aims to shift security left in a practical way. The use of AI agents for migration and maintenance further reduces the burden on developers, allowing them to focus on feature work rather than manual security chores.

The company's presence at the Assemble conference, with its focus on AI and automation, underscores the belief that the future of software supply chain security lies in intelligent, self-healing systems. As threat actors continue to target the weakest links in the development process, solutions like Factory 2.0 may become essential for organizations of all sizes.


Source: Dark Reading News

