Joint solution gives customers secure, zero-CVE Java containers backed by trusted commercial support, reducing risk and accelerating delivery
Azul, the only company entirely dedicated to Java, has announced a strategic partnership with Chainguard, the secure software supply chain platform. This collaboration brings together Azul’s curated OpenJDK distributions and commercial support with Chainguard’s hardened Linux distribution, software factory, and minimal, secure container images. As a result, Chainguard will now deliver Java container images built from source using Azul’s commercially supported build of OpenJDK—part of the Azul Platform Core—empowering enterprises to streamline development, minimize engineering overhead, and strengthen supply chain security.
Addressing the Complexity of Securing the Full Java Stack
While Java remains the backbone of countless enterprise applications, keeping the Java stack secure is often a fragmented and time-intensive effort. Azul simplifies this by offering fully supported OpenJDK builds that serve as a seamless, drop-in alternative to Oracle Java—ensuring organizations stay secure and compliant while reducing operational costs. Complementing this, Chainguard Containers provide a hardened foundation for the OS and application runtime environment, creating a unified approach to security from the base up.
Modern enterprises face increasing challenges when trying to secure every component of their software stack—from the operating system through to the Java runtime and development toolchain. Security and engineering teams are often burdened by frequent vulnerability disclosures, inconsistent patch schedules, and the pressure to harden containers without slowing down developer workflows. These challenges are particularly pronounced for Java environments that demand timely patches, enterprise-grade support, and lightweight deployment options.
Recent data underscores the urgency: a NetRise study found that the average container includes 604 known vulnerabilities, with nearly half being between two and ten years old. Azul’s 2025 State of Java Survey & Report further reveals that 33% of DevOps teams spend more than half their time addressing false positives from Java security alerts, and 49% of organizations are still dealing with Log4j-related vulnerabilities—three years post-disclosure. Clearly, securing the entire software lifecycle demands a comprehensive approach, covering everything from the OS to the Java runtime and language toolchain.
Also Read: Postman’s AI Agent Mode Transforms API Development
Delivering a Secure, Efficient Path to Deployment
The Azul–Chainguard partnership offers enterprises a powerful new solution: hardened, zero-CVE Java containers for Java versions 21 and beyond. These containers are built directly from Azul source code and backed by Azul’s industry-leading Java support, providing a secure and reliable foundation for modern Java applications.
By integrating containers built from scratch and validated using the Java Compatibility Kit (JCK/TCK), joint customers gain peace of mind through reduced attack surface and continuous commercial support. Azul’s security-only Critical Patch Updates ensure that teams can quickly deploy new Java images, avoiding the delays and risks of ad-hoc patching and testing, and allowing organizations to focus more on innovation and less on maintenance.
“Our customers need solutions that reduce risk and build trust at every layer of their modern software deployment stack,” said Dan Lorenc, co-founder and CEO at Chainguard. “Today, we’re bringing Chainguard’s expertise in building minimal, zero-CVE images and Azul’s expertise in Java together to create the most secure, commercial-grade containers for cloud-native workloads.”
“Choosing a hardened container shouldn’t mean sacrificing timely security-only updates and commercial support services for your Java runtimes,” said Scott Sellers, co-founder and CEO at Azul. “Today, we’re excited to offer enterprises best-in-breed hardened Java containers from Chainguard while leveraging world-class commercial support from Azul.”
With this partnership, enterprises gain a robust, secure, and efficient Java deployment stack—eliminating security trade-offs and accelerating time to market.