Azul, the only company 100% focused on Java, and Chainguard, the secure foundation for software development and deployment, announced a strategic partnership. This partnership will unite Azul’s best-in-class commercial support and curated OpenJDK distributions with Chainguard’s world-class Linux distro, software factory and container images. Chainguard will build, from source, Java container images that incorporate Azul’s commercially supported build of OpenJDK, which is part of Azul Platform Core, enabling enterprises to accelerate developer productivity, eliminate costly engineering toil and harden their software supply chain security.
Securing the Full Java Stack Is Complex, Fragmented and Time-Consuming
Java powers enterprise applications of all sizes and criticality, but timely access to updated and secure builds requires a vendor with deep expertise. Azul provides this by delivering fully supported OpenJDK builds which are a drop-in replacement for Oracle Java — helping organizations stay compliant and secure while reducing costs and freeing teams to focus on innovation. At the same time, Chainguard Containers helps organizations secure their operating system (OS) and application runtime environment.
Modern enterprises face growing complexity and risk in securing every layer of their software stack — from the OS to the Java runtime and toolchain. Engineering and security teams often struggle to keep up with constant vulnerability disclosures, inconsistent patching timelines, and the need to harden containers and virtual machines without sacrificing speed or developer productivity. These challenges are especially acute for Java workloads, which require timely updates, commercial support, and secure, lightweight deployment environments.
A study by NetRise found that the average container contains 604 known vulnerabilities in its underlying software components, with over 45% of those CVEs being two to 10 years old. This accumulation of outdated vulnerabilities poses a significant risk to organizations relying on containerized applications. In addition, in Azul’s recent 2025 State of Java Survey & Report, 33% of respondents said that their DevOps teams waste more than half their time addressing false positives from Java-related security vulnerabilities, and 49% of companies are still encountering security vulnerabilities from Log4j in production – three years after its initial discovery. Securing the software development lifecycle requires locking down all layers of the stack, from the OS to the runtime environment and language toolchain.
Customers Benefit from Reduced Risk and Faster Time to Deployment
The partnership between Azul and Chainguard directly addresses these pain points by delivering hardened, zero-CVE containers for Java versions 21 and beyond, built from Azul source code, and backed by commercial Java support from Azul. Together, the companies offer a streamlined, secure foundation for Java applications that reduces risk, accelerates delivery and eliminates the trade-off between security and support.
With Azul and Chainguard integrating zero-CVE container images built entirely from source and tested using the Java Compatibility Kit (JCK, TCK), joint customers benefit from reduced risk across their application surface area while maintaining commercial support services for their Java runtimes. Through Azul’s stabilized, security-only Critical Patch Updates, engineering teams can now rapidly deploy new Java images, spending less time patching and testing one-off containers, so organizations can redirect development resources and ship secure software faster.
“Our customers need solutions that reduce risk and build trust at every layer of their modern software deployment stack,” said Dan Lorenc, co-founder and CEO at Chainguard. “Today, we’re bringing Chainguard’s expertise in building minimal, zero-CVE images and Azul’s expertise in Java together to create the most secure, commercial-grade containers for cloud-native workloads.”
“Choosing a hardened container shouldn’t mean sacrificing timely security-only updates and commercial support services for your Java runtimes,” said Scott Sellers, co-founder and CEO at Azul. “Today, we’re excited to offer enterprises best-in-breed hardened Java containers from Chainguard while leveraging world-class commercial support from Azul.”
Source: BusinessWire