Introducing Chainguard Actions: Trusted CI/CD Workflows for Developers and AI Coding Agents
Secure-by-default workflows eliminate supply chain risk from CI/CD pipelines while preserving development velocity
KIRKLAND, Wash., March 17, 2026 /PRNewswire/ -- Chainguard, the trusted source for open source, today announced Chainguard Actions, secure-by-default workflows for CI/CD pipelines that allow developers and AI agents to ship quickly without introducing software supply chain risk. Using an agentic approach, Chainguard Actions provides a continuously secured catalog of workflows maintained by the Chainguard Factory, the infrastructure that has become the industry standard for delivering trusted open source artifacts. Chainguard Actions ingests widely used third-party CI/CD workflows, starting with GitHub Actions, and evaluates them against a security best-practices ruleset, automatically fixes failures, and publishes secured versions that engineering teams can safely integrate into their workflows.
The most privileged and least protected layer in the CI/CD pipeline
CI/CD workflows operate with the highest privileges in modern software delivery, yet they remain among the least protected components in the development stack. As engineering teams increasingly build with AI-assisted coding agents to accelerate releases, code development is outpacing security teams' ability to manually review that code. Unaddressed vulnerabilities in CI/CD workflows can silently introduce malware, leak credentials, or compromise production systems. Last year, attackers compromised the widely used tj-actions/changed-files GitHub Action and exposed secrets across more than 23,000 repositories by redirecting version tags to a malicious commit. More recently, an autonomous AI bot known as hackerbot-claw demonstrated how easily these workflows can be exploited. The bot scanned public repositories continuously for a week to find vulnerable GitHub Actions configurations. It then successfully breached multiple major organizations. Together, these attacks illustrate new ways that attackers can automatically probe and exploit vulnerable workflows at scale, and how they are getting more sophisticated in their approaches.
"CI/CD pipelines power modern software delivery, but the privileged workflows inside them remain one of the least secured layers of the stack," said Dan Lorenc, CEO and Co-founder of Chainguard. "Chainguard Actions extends our industry-leading secure-by-default approach to the CI/CD layer. Our vision is to enable a software delivery lifecycle that developers and their AI agents can trust end to end."
Secure-by-default CI/CD workflows
Using agents, Chainguard Actions ingests popular third-party CI/CD workflows, starting with GitHub Actions, and evaluates them against a comprehensive security ruleset that detects unsafe patterns, excessive permissions, and supply chain risks. Actions that fail the review are automatically remediated and published in a secure catalog, ready for use in production workflows. Whenever upstream Actions change or the Chainguard ruleset evolves, affected workflows are automatically resecured without requiring manual intervention.
With Chainguard Actions, organizations can:
Solving the trust problem in CI/CD
Security reviews of CI/CD workflows are typically treated as a point-in-time exercise, but the threat landscape evolves continuously as maintainers are compromised, new exploitation techniques emerge, and automated attackers scan repositories for vulnerable patterns. Chainguard addresses this challenge through the AI-native Chainguard Factory, the infrastructure that already monitors, builds, and continuously updates millions of open source artifacts.
The Chainguard Factory's same reconciliation model now powers Chainguard Actions, continuously comparing the desired secure state with what exists in upstream automation marketplaces and automatically correcting any drift. Chainguard Actions are built with:
For developers, Chainguard Actions removes the fear associated with strangers accessing the layer through which their organization's most sensitive information passes. It also significantly reduces the risk of a breach and the commensurate triage if one occurs. Instead, teams can rely on a continuously secured catalog of Actions and focus on shipping software.
Chainguard Actions is available in beta. To be among the first to try it, visit https://www.chainguard.dev/actions.
About Chainguard
Chainguard is the trusted source for open source. By delivering hardened, secure, and production-ready builds of all the open source software engineers and AI agents rely on, Chainguard helps organizations build faster, stay compliant, and eliminate risk. Its customers include Fortune 500 enterprises and global industry leaders, including Anduril, Canva, Fortinet, Hewlett Packard Enterprise, OpenAI, Snap Inc., and Snowflake. Chainguard is venture-backed by leading investors, including Amplify, IVP, Kleiner Perkins, Lightspeed Venture Partners, Mantis VC, Redpoint Ventures, Sequoia Capital, and Spark Capital. For more information, visit: https://www.chainguard.dev/
SOURCE Chainguard