Today, we’re thrilled to announce that Expanso is officially partnering with Chainguard to bring secure-by-default infrastructure to distributed data systems. This launch changes what enterprises expect from distributed data pipelines.
At Expanso, our mission is simple - we want to help enterprises process and govern data where it is created, rather than moving everything to a central platform, and that’s because it makes the data cheaper, faster and more compliant.
For example, a global retailer using Expanso can filter out duplicate or irrelevant sales transactions at regional stores before sending the data to a central analytics platform, reducing storage costs and improving reporting speed.
The Challenge of Distributed Compute
Running pipelines across edge environments, clouds, and clusters introduces a new challenge - ensuring the infrastructure powering those pipelines remains secure and trustworthy everywhere it runs.
This is where Chainguard plays a critical role.
Through Chainguard Commercial Builds, software vendors ship hardened container images with minimal components and no known vulnerabilities, along with verifiable records showing exactly what’s inside the software and how it was built.
For the retailer, this means Expanso pipelines can run across multiple clouds or edge locations without engineers needing to rebuild containers or investigate potential vulnerabilities. The infrastructure running those pipelines arrives secure, compliant, and production-ready by default.
That way, Expanso and Chainguard enable distributed data infrastructure that is intelligent, auditable, and secure across all environments.
But how do we make this happen?
Inventing Secure Data Pipelines
Distributed data pipelines are powerful, but they’re only as reliable as the infrastructure that runs them. In practice, pipelines span multiple clouds, edge locations, and clusters, each environment with its own security and operational complexities.
At Expanso, we solve this by bringing intelligence to the source of the data, so pipelines can process, filter, and act in real time.
But the problem is - even when pipelines are smart, the software running them can introduce vulnerabilities. A container with a known CVE can turn a reliable system into a risky one.
Consider the earlier retail example operating thousands of stores. Each store runs an instance of the pipeline to process transactions locally. If the container image used for that pipeline includes a vulnerable dependency, every store now runs the same vulnerable software. Fixing the problem would normally require engineers to rebuild container images, patch dependencies, and redeploy the pipeline across the entire fleet.
But Chainguard changes how the system works.
Expanso pipeline services are built and distributed using Chainguard Commercial Builds, which produce hardened container images that include only the minimal components required to run the software. Unnecessary packages, development tools, and unused libraries are removed, dramatically reducing the potential attack surface. These container images are also continuously rebuilt to eliminate known vulnerabilities and include verifiable records showing exactly which components are inside the image and how it was built.
Returning to the retail scenario, this means every store runs its data pipeline on the same verified software foundation. When an Expanso pipeline service starts on an edge node - whether it’s filtering transactions, processing events, or routing data - it runs inside a container image that has already been hardened and verified.
For the operator, deployment becomes much simpler. Instead of rebuilding containers or auditing dependencies before every rollout, engineers deploy the pipeline using container images that are already designed to be secure. The same verified image runs consistently across every environment - edge nodes in stores, regional clusters aggregating data, and cloud systems performing large-scale analytics.
The result is a distributed pipeline architecture where both layers of the system are purpose-built for reliability at scale. Expanso provides the intelligence that processes and governs data at its source, while Chainguard provides the secure container foundation that those services run on.
Security and intelligence become part of the system itself rather than something teams need to bolt on later.
Changing How Enterprises Think of Distributed Systems
This launch signals a broader shift in infrastructure. For decades, distributed systems were complex, risky, and expensive to manage. Executives and engineers had to deal with multiple clouds, edge locations, and clusters. Every change raised questions: Will performance hold? Can we stay compliant? Can we trust the software running everywhere? A single vulnerability could ripple across hundreds of environments, and fixing it often meant rebuilding and redeploying containers across the fleet.
The combination of Expanso’s intelligent, source-level data pipelines and Chainguard’s secure container builds solves all those issues: complexity is reduced because pipelines handle data locally; risk is minimized because the software foundation is hardened and verified; and operational overhead drops because engineers can deploy with confidence across edge nodes, cloud clusters, or on-prem systems. What once felt dangerous now becomes auditable, reliable, and efficient.
Experience Secure Data Pipelines - And Peace of Mind
Book a free demo to explore how this approach can change the way your organization operates, and see the difference for yourself.
About Expanso
Expanso provides upstream data control for enterprises managing distributed data. By processing, filtering, and governing data at the source - edge, on-prem, or cloud - Expanso reduces costs, cuts data volumes, and makes downstream platforms like Snowflake, Databricks, and Splunk faster and more reliable.
With more than 200 connectors and policy-driven pipelines, Expanso delivers governance and cost control without requiring changes to existing infrastructure.
Learn more at www.expanso.io
About Chainguard
Chainguard is the trusted source for secure open source and commercial software. Its hardened, verifiable container builds eliminate known vulnerabilities before software reaches production.
Chainguard helps enterprises achieve compliance, reduce operational friction, and deploy secure infrastructure at scale. Its customers include Fortune 500 companies across finance, healthcare, AI, and technology.
Learn more at www.chainguard.dev
Free Guide: Edge Data Governance
Learn how to govern data across distributed environments - from edge to cloud - without sacrificing performance or compliance.
Download the Guide