Chainguard Libraries on

Chainguard Libraries overview

Tue, 25 Mar 2025 08:04:00 +0000

Chainguard Libraries provide enhanced security for open source dependencies in the Java, JavaScript, and Python ecosystems, addressing critical supply chain vulnerabilities through automated patching and continuous monitoring. Modern applications rely heavily on libraries from public repositories like Maven Central, npm Registry, and PyPI, but using these repositories introduces supply chain risks that could expose your applications and system to compromise.

Background

Open source libraries distributed through public repositories face several security challenges: maintainers may not promptly address vulnerabilities, binary artifacts can be compromised, and the sheer volume of transitive dependencies makes manual security management impractical. While these repositories enable rapid development, they also introduce supply chain risks that traditional security approaches struggle to address.

Quick start for Chainguard Libraries

Tue, 25 Mar 2025 00:08:04 +0000

Most supply chain attacks succeed the same way: malicious code is injected into a package after the source is written — either as a backdoored binary with no verifiable source, or as a malicious install-time script that runs the moment a dependency is pulled. Recent attacks on LiteLLM, Telnyx, and Axios all followed this pattern.

Chainguard Libraries are rebuilt from verified source in an isolated build environment, making them malware-resistant by design. If the source can’t be verified, the package doesn’t appear in the Chainguard Libraries repository. They are drop-in replacements for the Python, Java, and JavaScript packages your engineers already use, with no breaking changes.

Chainguard Libraries access

Tue, 25 Mar 2025 00:08:04 +0000

Chainguard Libraries provide controlled access to security-enhanced Java and Python dependencies through the unified Chainguard platform authentication system. This guide explains how to access (download) Chainguard library artifacts for your organization.

Getting started

Prerequisites

Ensure you have access to Chainguard Libraries.
- If you are not a Chainguard user yet, a new Chainguard account must be created and configured for access to Chainguard Libraries.
- If you are already a Chainguard user, the Chainguard account owner in your organization can grant access to Chainguard Libraries.
Confirm the name of your organization so you can use it with the --parent parameter to specify your organization when running commands with chainctl.

Direct access vs. artifact manager

There are two approaches to access: Using an artifact manager or direct access.

Chainguard Libraries network requirements

Wed, 04 Jun 2025 09:30:00 +0000

Chainguard Libraries require specific network access to ensure secure delivery of hardened dependencies to your development environment. This guide details the domains and ports needed for authentication, package downloads, and verification tools.

Access for chainctl and other tools

For initial configuration with chainctl as well as for verification of downloaded libraries with cosign and other tools, you must allow HTTPS access to the following domains:

Chainguard Libraries verification

Thu, 03 Jul 2025 12:00:00 +0000

Overview

Chainguard’s chainctl tool with the command libraries verify verifies that your language ecosystem dependencies come from Chainguard Libraries, providing critical visibility into your software supply chain security. By verifying binary artifacts across your projects and repositories, you can ensure dependencies are sourced from Chainguard’s hardened build environment rather than potentially compromised public repositories, identify opportunities to improve security posture, and maintain compliance with supply chain security policies.

CVE remediation for Chainguard Libraries

Thu, 11 Sep 2025 00:00:00 +0000

CVE remediation for Chainguard Libraries provides protection against critical and high CVEs. Applications often rely on older versions of libraries, but upstream maintainers may not apply and release patches for those versions. Chainguard addresses this gap by backporting vulnerability fixes from newer releases to older releases, particularly in cases where maintainers are no longer able to support and provide fixes.

CVE remediation helps reduce risk for organizations that cannot always upgrade quickly, especially when moving to a newer version would introduce disruptive changes. Remediated artifacts are published as incremental patch versions, allowing teams to take a targeted fix for a CVE without taking on a broader upgrade at the same time.

Vulnerability scanners and Chainguard Libraries

Sat, 04 Oct 2025 12:00:00 +0000

Vulnerability scanners enable you to understand the potential security risks from libraries used within your applications.

Chainguard Libraries provides a trusted source for libraries typically downloaded from public repositories. Chainguard Libraries are rebuilt from the upstream open source project code repository content only. This prevents malware without published source code and reduces almost all risk for software supply chain attacks. In addition, some library versions are available with CVE fixes applied. These fixes are backported from newer versions of the open source project by Chainguard to create new libraries of older versions containing these newer changes. Find more details in CVE Remediation.

Browsing Chainguard Libraries

Thu, 03 Jul 2025 14:00:00 +0000

Chainguard Libraries includes thousands of libraries and many more individual library versions and artifacts. Through the Chainguard Console, you can browse all available libraries and their versions, and inspect their characteristics before using them in your application development.

Access libraries in the Chainguard Console

Chainguard Libraries FAQ

Tue, 25 Mar 2025 08:04:00 +0000

What security issues can Chainguard Libraries prevent?

As detailed on the background and introduction pages, Chainguard Libraries are built directly from source in the Chainguard Factory and the resulting binaries are directly provided to you by Chainguard. Chainguard operates the whole supply chain for the package lifecycle as one reliable, secure partner. You can therefore avoid issues from the following software supply chain attack surface points:

Chainguard Libraries for Java

Tue, 25 Mar 2025 08:04:00 +0000

Chainguard Libraries for JavaScript

Thu, 05 Jun 2025 09:00:00 +0000

Chainguard Libraries for Python

Wed, 09 Apr 2025 08:04:00 +0000

How does Chainguard Libraries plug into a developer's workflow?

Sat, 02 Aug 2025 16:00:00 +0000

Transcript

Interviewer: So Dustin, how does Libraries actually plug into a developer workflow?

How does Chainguard Libraries help developers?

Sat, 02 Aug 2025 16:00:00 +0000

Transcript

Interviewer: So how does Chainguard Libraries help developers?