Who's Using gVisor

Note: Using gVisor? You can add yourself to this page, contact gvisor-dev@googlegroups.com

This page lists companies that are known to use gVisor. This does not constitute an endorsement.

Companies using gVisor

Ant Group

Ant Group, develops online payment platforms. The company offers a wide range of financial services to consumers and businesses worldwide.

At Ant Group, we are committed to keeping online transactions safe and efficient. Continuously improving security for potential system-level attacks is one of many measures. As a container runtime, gVisor provides container-native security without sacrificing resource efficiency. Therefore, it has been on our radar since it was released.

Read Ant Group's blog post on running gVisor in production at scale (source).

Blink

Blink is a company that specializes in security automation and orchestration powered by generative AI.

Blink uses gVisor to run pods with full isolation including system calls (source).

Cloudflare

Cloudflare is a content delivery network (CDN) and cloud computing security company. It provides a range of services to businesses of all sizes.

It takes just a few seconds for a new gVisor container to start up and begin executing meaningful work in a secure sandbox with near native performance. (A new era for Cloudflare Pages builds)

DigitalOcean

DigitalOcean is a cloud computing provider that offers cloud infrastructure services to developers and businesses.

DigitalOcean uses gVisor in App Platform as a container runtime sandbox (source).

Docker

Docker is a popular container management engine.

Docker for Mac uses the gVisor network stack library for better performance than vpnkit. Note that on Docker for Linux, you can use gVisor as a container runtime.

Freedom of the Press Foundation

The Freedom of the Press Foundation is a non-profit supporting free speech and freedom of the press.

The Dangerzone application converts potentially dangerous PDFs, office documents, or images and convert them to safe PDFs for use by journalists. The document conversion process runs in a gVisor sandbox.

Freedom of the Press Foundation logo

Google

gVisor was designed and developed to efficiently isolate production workloads at scale for Google services. There are millions of gVisor sandbox instances running daily. gVisor powers Google Cloud offerings GKE Sandbox, Cloud Run, App Engine, and more.

Google logo

Grist

Grist combines the flexibility and familiarity of spreadsheets with the power of databases.

Grist uses gVisor to isolate documents from each other and the network (source).

Modal

Modal is a cloud platform that simplifies the execution and management of various computing workloads for data teams and application developers (particularly those working in the field of generative AI).

Compute jobs at Modal are containerized and virtualized using gVisor. (Security at Modal).

Modal labs tweeted about fully running on gVisor (source).

Modal logo

OpenAI

OpenAI develops Artificial Intelligence systems.

OpenAI uses gVisor for "some higher-risk tasks", such as code execution.

Tailscale

Tailscale provides a mesh-based VPN service designed to simplify secure networking between devices and servers.

In userspace mode, Tailscale uses the gVisor netstack library, implementing networking in userspace. (Kernel vs. netstack subnet routing & exit nodes).