Azul and Chainguard have formed a strategic partnership that combines Azul’s top-tier commercial support and curated OpenJDK builds with Chainguard’s advanced Linux distribution, secure software factory, and container images. As part of the collaboration, Chainguard will produce Java container images built from source using Azul’s commercially supported OpenJDK from the Azul Platform Core. This integration aims to boost developer productivity, reduce engineering overhead, and strengthen software supply chain security for enterprises.
Azul and Chainguard have formed a strategic partnership that combines Azul’s top-tier commercial support and curated OpenJDK builds with Chainguard’s advanced Linux distribution, secure software factory, and container images. As part of the collaboration, Chainguard will produce Java container images built from source using Azul’s commercially supported OpenJDK from the Azul Platform Core. This integration aims to boost developer productivity, reduce engineering overhead, and strengthen software supply chain security for enterprises.
Securing the Full Java Stack Is Complex, Fragmented and Time-Consuming
Java powers enterprise applications of all sizes and criticality, but timely access to updated and secure builds requires a vendor with deep expertise. Azul provides this by delivering fully supported OpenJDK builds which are a drop-in replacement for Oracle Java — helping organizations stay compliant and secure while reducing costs and freeing teams to focus on innovation. At the same time, Chainguard Containers helps organizations secure their operating system (OS) and application runtime environment.
Modern enterprises face growing complexity and risk in securing every layer of their software stack — from the OS to the Java runtime and toolchain. Engineering and security teams often struggle to keep up with constant vulnerability disclosures, inconsistent patching timelines, and the need to harden containers and virtual machines without sacrificing speed or developer productivity. These challenges are especially acute for Java workloads, which require timely updates, commercial support, and secure, lightweight deployment environments.
A study by NetRise found that the average container contains 604 known vulnerabilities in its underlying software components, with over 45% of those CVEs being two to 10 years old. This accumulation of outdated vulnerabilities poses a significant risk to organizations relying on containerized applications. In addition, in Azul’s recent 2025 State of Java Survey & Report, 33% of respondents said that their DevOps teams waste more than half their time addressing false positives from Java-related security vulnerabilities, and 49% of companies are still encountering security vulnerabilities from Log4j in production – three years after its initial discovery. Securing the software development lifecycle requires locking down all layers of the stack, from the OS to the runtime environment and language toolchain.
Customers Benefit from Reduced Risk and Faster Time to Deployment
The partnership between Azul and Chainguard directly addresses these pain points by delivering hardened, zero-CVE containers for Java versions 21 and beyond, built from Azul source code, and backed by commercial Java support from Azul. Together, the companies offer a streamlined, secure foundation for Java applications that reduces risk, accelerates delivery and eliminates the trade-off between security and support.
With Azul and Chainguard integrating zero-CVE container images built entirely from source and tested using the Java Compatibility Kit (JCK, TCK), joint customers benefit from reduced risk across their application surface area while maintaining commercial support services for their Java runtimes. Through Azul’s stabilized, security-only Critical Patch Updates, engineering teams can now rapidly deploy new Java images, spending less time patching and testing one-off containers, so organizations can redirect development resources and ship secure software faster.
“Our customers need solutions that reduce risk and build trust at every layer of their modern software deployment stack,” said Dan Lorenc, co-founder and CEO at Chainguard. “Today, we’re bringing Chainguard’s expertise in building minimal, zero-CVE images and Azul’s expertise in Java together to create the most secure, commercial-grade containers for cloud-native workloads.”
“Choosing a hardened container shouldn’t mean sacrificing timely security-only updates and commercial support services for your Java runtimes,” said Scott Sellers, co-founder and CEO at Azul. “Today, we’re excited to offer enterprises best-in-breed hardened Java containers from Chainguard while leveraging world-class commercial support from Azul.”
Joint customers consuming these new Azul Java container images via Chainguard Containers will receive commercial Java support services through the Azul Platform Core offering. For more information on the partnership can also be found here.
Related News:
Chainguard Libraries for Python Offer Malware-Resistant Code
Forty8Fifty Labs Wins Perforce Gliffy Partner of the Year for Largest Cloud Sale
