As enterprises accelerate development across cloud-native and AI-driven environments, software supply chain risk has moved from a background concern to a boardroom priority. The pressure to ship faster hasn’t disappeared, but the tolerance for hidden vulnerabilities inside open-source components and container images has shifted. What once felt like a security team problem now shapes architecture decisions across engineering teams.

Enterprise application teams increasingly rank software supply chain risk among their top concerns, according to Paul Nashawaty, principal analyst at theCUBE Research and host of the AppDevANGLE podcast. Against that backdrop, Chainguard Assemble arrives as engineering leaders confront mounting pressure to embed trust directly into modern software delivery.

“From my AppDev research standpoint, this gathering lands at a critical moment for the market,” Nashawaty said. “Our latest 2025 data shows that 72% of enterprise application teams now rank software supply chain risk as a top three concern, up significantly year over year. At the same time, more than 65% of cloud-native teams are increasing investment in container security and compliance tooling in 2026. The industry is clearly moving from ‘move fast’ DevOps to ‘trusted’ DevOps, and that aligns directly with the event’s focus on open source, containers and AI-driven blind spots.”

Join theCUBE, SiliconANGLE Media’s livestreaming studio, on March 19 for exclusive coverage of Chainguard Assemble. Interviews will explore how engineering teams are embedding security directly into developer workflows, modernizing open-source governance and strengthening software supply chain security without slowing innovation. (* Disclosure below.)

Combating software supply chain risk

As enterprises reassess their cloud-native foundations, conversations about supply chain risk increasingly extend beyond tooling and into platform strategy. Chainguard Assemble brings together cloud providers, security vendors and engineering leaders grappling with how to make trust measurable across open-source dependencies and containerized workloads, according to Nashawaty.

“Strategically, what’s at stake for enterprises is operational trust,” he said. “Our research indicates that organizations with mature supply chain security practices experience 40% fewer production incidents tied to third-party components. In regulated sectors, especially, compliance is now shaping architecture decisions; nearly 60% of new cloud-native deployments cite regulatory requirements as a primary design factor. Sessions around FedRAMP, trusted open source and data integrity are not theoretical discussions; they reflect active buying priorities. The fact that ecosystem players such as Amazon Web Services, Cisco, Okta and others are participating in the event reinforces that this is becoming a platform-level conversation, not a point-tool one.”

Chainguard’s recent trajectory underscores that broader market momentum. In October 2025, the company raised $280 million to expand its trusted open-source software platform. Its portfolio of hardened container images and related artifacts is designed to reduce known vulnerabilities and integrate into enterprise workflows.

In late January, Chainguard announced that it was entering what it called “a new era” of its Chainguard Factory with the introduction of Chainguard Factory 2.0. The update is powered by DriftlessAF, an agentic framework the company describes as a “resilient, self-correcting system” intended to replace more brittle build and maintenance processes. It has replaced Chainguard’s legacy system and is being open-sourced to the community.

These recent moves provide context for Chainguard Assemble, where theCUBE’s interviews will explore how organizations translate trusted open-source software into day-to-day engineering practice. For enterprises weighing those developments, the broader question is how quickly trust can be put into practice across production environments, according to Nashawaty.

“From an actionable perspective, we expect that by the end of 2026, over 50% of enterprise container images in production will be policy-validated or cryptographically attested before deployment,” he said. “However, less than half of organizations today have full software bill of materials traceability across environments; that’s a meaningful gap. With AI-assisted development now present in over 80% of enterprise software organizations, governance inside CI/CD pipelines will be the differentiator. The real watchpoint at this event is which vendors can industrialize trust at scale without slowing developers down.”

TheCUBE event livestream

Don’t miss theCUBE’s coverage of Chainguard Assemble on March 19. Plus, you can watch theCUBE’s event coverage on-demand after the event.

How to watch theCUBE interviews

We offer you various ways to watch theCUBE’s coverage of Chainguard Assemble, including theCUBE’s dedicated website and YouTube channel. You can also get all the coverage from this year’s events on SiliconANGLE.

TheCUBE podcasts

SiliconANGLE’s “theCUBE Pod” is available on Apple Podcasts, Spotify and YouTube, which you can enjoy while on the go. During each podcast, SiliconANGLE’s John Furrier and Dave Vellante unpack the biggest trends in enterprise tech — from AI and cloud to regulation and workplace culture — with exclusive context and analysis.

SiliconANGLE also produces our weekly “Breaking Analysis” program, where Dave Vellante examines the top stories in enterprise tech, combining insights from theCUBE with spending data from Enterprise Technology Research, available on Apple Podcasts, Spotify and YouTube.

Guests

During Chainguard Assemble, theCUBE’s coverage will feature discussions with cross-sector software, open-source and security executives on approaches to integrating trust into modern software development. Stay tuned for our complete guest list.

(* Disclosure: TheCUBE is a paid media partner for the Chainguard Assemble event. Neither Chainguard, the sponsor of theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Image: SiliconANGLE