Security, Open Source, Announcement

Introducing SecureBuild

We're excited to announce the launch of SecureBuild.com, partnering with project maintainers to offer 0-CVE open source images. We're creating a path towards secure, sustainable open source.

Grant Miller


At Replicated, we've spent the last decade helping software vendors deliver self-hosted applications into complex enterprise environments. Through that journey, two things have become increasingly clear: open source is the foundation of all software and security is paramount.

Today we're launching SecureBuild, a new initiative built on a simple premise:

The best way to secure open source software is to partner directly with the people and companies who create and maintain it.

SecureBuild provides enterprises with zero-CVE container images: rebuilt from source on trusted infrastructure, shipped with full SBOMs, and updated quickly when new vulnerabilities are fixed in dependencies. But here's what makes us different: we share 70% of direct subscription revenue with the open source maintainers whose projects we secure.

We think it's time the creators of the world's most important infrastructure were part of the economic value chain.


Why now?

Supply chain attacks have pushed every security team to re-evaluate how they trust the software they run. No one wants to be surprised by a compromised dependency or an outdated base image with unpatched CVEs.

Vendors like Chainguard, Docker Hardened Images, WizOs, and others have stepped in with secure image catalogs. But too often, these catalogs are built on the work of open source maintainers, without them being involved, consulted, or compensated.

We think there's a better way.


What we're launching

We're partnering with the maintainers of some of the most innovative and impactful projects in the cloud-native ecosystem. Each of these partners represents excellence in their domain and collectively they power mission-critical infrastructure at thousands of organizations worldwide.

Here's how it works:

  1. We partner with open source maintainers to ship and support secure builds of their official releases.
  2. We rebuild every image from source, mapping all dependencies and using trusted build systems.
  3. We remove every addressed CVE (one that already has an upstream fix) by building against the fixed dependency versions, verify the resulting SBOMs, and publish the images to a private registry.
  4. We monitor for new vulnerabilities, with a 6-day SLA on patching critical CVEs.
  5. We handle the commercials and delivery: enterprises buy from SecureBuild and we supply the images.
  6. We pay maintainers 70% of direct subscriptions to their project's images.
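What steps 2 to 4 amount to as a check, shown here as an added Python example that is not SecureBuild's own code or tooling: triage an image's SBOM against an advisory list, separating CVEs that already have an upstream fix (a rebuild on the fixed version removes them) from CVEs with no fix yet (a rebuild cannot remove them, so they stay visible on the report). The SBOM, the package names `libfoo`/`libbar`/`libbaz` and the `CVE-0000-000x` identifiers are constructed placeholders, not real packages or vulnerabilities, and the version comparator only understands plain dotted-numeric versions.

```python
"""Triage a container image SBOM against an advisory list.

Added example, not SecureBuild's code. The SBOM, package names and CVE
identifiers below are constructed placeholders, not real packages or
vulnerabilities.
"""
import json
from typing import Dict, List, Optional, Tuple

# Constructed CycloneDX-style SBOM for a hypothetical image.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"name": "libfoo", "version": "3.0.12", "purl": "pkg:apk/alpine/libfoo@3.0.12"},
        {"name": "libbar", "version": "8.5.0", "purl": "pkg:apk/alpine/libbar@8.5.0"},
        {"name": "libbaz", "version": "1.3.1", "purl": "pkg:apk/alpine/libbaz@1.3.1"},
    ],
})

# Constructed advisory feed with placeholder CVE IDs. "fixed_in" is the first
# version carrying the upstream fix; None means no fix has been released yet.
SAMPLE_ADVISORIES: List[Dict[str, Optional[str]]] = [
    {"id": "CVE-0000-0001", "package": "libfoo", "fixed_in": "3.0.13"},
    {"id": "CVE-0000-0002", "package": "libbar", "fixed_in": "8.4.0"},
    {"id": "CVE-0000-0003", "package": "libbaz", "fixed_in": None},
]


def parse_version(version: str) -> Tuple[int, ...]:
    """Dotted-numeric versions only (assumption). A production gate must use
    the ecosystem's comparator (PEP 440, semver, apk/deb epochs and revisions)."""
    return tuple(int(part) for part in version.split("."))


def triage_sbom(sbom_json: str,
                advisories: List[Dict[str, Optional[str]]]) -> Dict[str, List[Dict[str, Optional[str]]]]:
    """Bucket each advisory that touches a component in the SBOM.

    addressed   - a fix exists and the image ships an older version; rebuilding
                  on the fixed version removes the CVE.
    unaddressed - no upstream fix yet; rebuilding cannot remove it, so it must
                  stay on the report rather than be silently dropped.
    clear       - the shipped version already carries the fix.
    """
    components = json.loads(sbom_json)["components"]
    installed = {c["name"]: c["version"] for c in components}
    buckets: Dict[str, List[Dict[str, Optional[str]]]] = {
        "addressed": [], "unaddressed": [], "clear": []}
    for adv in advisories:
        name = adv["package"]
        if name not in installed:
            continue  # advisory is for a package this image does not ship
        record = dict(adv, installed=installed[name])
        fixed = adv["fixed_in"]
        if fixed is None:
            buckets["unaddressed"].append(record)
        elif parse_version(installed[name]) < parse_version(fixed):
            buckets["addressed"].append(record)
        else:
            buckets["clear"].append(record)
    return buckets


def rebuild_plan(buckets: Dict[str, List[Dict[str, Optional[str]]]]) -> Dict[str, str]:
    """Package -> version to pin in the next build, covering every addressed
    CVE (the highest fixed_in wins when several advisories hit one package)."""
    plan: Dict[str, str] = {}
    for rec in buckets["addressed"]:
        fixed = rec["fixed_in"]
        current = plan.get(rec["package"])
        if current is None or parse_version(fixed) > parse_version(current):
            plan[rec["package"]] = fixed
    return plan


if __name__ == "__main__":
    result = triage_sbom(SAMPLE_SBOM, SAMPLE_ADVISORIES)
    for bucket, records in result.items():
        for rec in records:
            print(f"{bucket:11} {rec['id']} {rec['package']} "
                  f"installed={rec['installed']} fixed_in={rec['fixed_in']}")
    print("rebuild with:", rebuild_plan(result))
```

The distinction between the `addressed` and `unaddressed` buckets is the one a buyer of "zero-CVE" images should ask about: an image can only be rebuilt free of CVEs that upstream has already fixed, so a catalog's report needs to show the unfixed remainder rather than hide it.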

The result is a secure, compliant foundation for enterprises, and a real revenue stream for the people maintaining open source.

Our Launch Partners

Weaviate - The AI-native vector database revolutionizing intelligent applications. With 13,000+ GitHub stars, it powers semantic search, recommendation engines, and RAG applications at enterprise scale.

TigerData (TimescaleDB) - The PostgreSQL-based time-series database. Delivers 100x faster queries and 90% compression for massive IoT and monitoring workloads.

Rclone - The Swiss Army knife of cloud storage with 51,000+ GitHub stars. Supports 70+ cloud providers and is the standard for storage sync, backup, and migration.

OpenCost - The CNCF project democratizing Kubernetes cost monitoring. Provides real-time cost allocation helping organizations optimize their cloud spend.

External Secrets - The CNCF incubating project that's the gold standard for Kubernetes secrets management. Integrates with 30+ secret management systems including Vault and AWS Secrets Manager.

Coder Code Server - Run VS Code on any machine anywhere and access it in the browser.

Gotenberg - The Docker-powered stateless API for PDF generation. Converts HTML, Markdown, and Office documents to PDF with enterprise-grade reliability and performance.

Topaz - The open-source authorization service built for cloud-native applications. Provides fine-grained, real-time access control with a developer-friendly API.

Kube-router - The purpose-built networking solution for Kubernetes. Combines kube-proxy, firewall, and BGP routing in a single, lightweight solution for production clusters.

SchemaHero - The declarative database schema management tool for Kubernetes. Enables GitOps workflows for database migrations with support for PostgreSQL, MySQL, and more.

These partners represent over 200,000 combined GitHub stars and power critical infrastructure at companies ranging from startups to Fortune 500 enterprises. By partnering with SecureBuild, they're ensuring their users have access to the most secure, enterprise-ready container images available.


What's next

We're launching with support for dozens of the most-used projects in the cloud-native ecosystem, and we'll be expanding fast. If you're a maintainer who wants to partner, reach out at securebuild.com/partner. If you work for a company interested in a custom catalog of 0-CVE images, you can reach us at securebuild.com/enterprise.

Secure open source doesn't have to come at the expense of the open source community.

It's time we build something better.