<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Chainguard Libraries on</title><link>https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/chainguard/libraries/</link><description>Recent content in Chainguard Libraries on</description><generator>Hugo -- gohugo.io</generator><language>en-US</language><lastBuildDate>Tue, 25 Mar 2025 08:04:00 +0000</lastBuildDate><atom:link href="https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/chainguard/libraries/index.xml" rel="self" type="application/rss+xml"/><item><title>Chainguard Libraries overview</title><link>https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/chainguard/libraries/overview/</link><pubDate>Tue, 25 Mar 2025 08:04:00 +0000</pubDate><guid>https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/chainguard/libraries/overview/</guid><description>Chainguard Libraries provide enhanced security for open source dependencies in the Java, JavaScript, and Python ecosystems, addressing critical supply chain vulnerabilities through automated patching and continuous monitoring. Modern applications rely heavily on libraries from public repositories like Maven Central, npm Registry, and PyPI, but using these repositories introduces supply chain risks that could expose your applications and system to compromise.
Background Open source libraries distributed through public repositories face several security challenges: maintainers may not promptly address vulnerabilities, binary artifacts can be compromised, and the sheer volume of transitive dependencies makes manual security management impractical.</description></item><item><title>Chainguard Libraries access</title><link>https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/chainguard/libraries/access/</link><pubDate>Tue, 25 Mar 2025 00:08:04 +0000</pubDate><guid>https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/chainguard/libraries/access/</guid><description>Chainguard Libraries provide controlled access to security-enhanced Java and Python dependencies through the unified Chainguard platform authentication system. This guide explains how to access (download) Chainguard library artifacts for your organization.
Getting started Prerequisites Ensure you have access to Chainguard Libraries. If you are not a Chainguard user yet, a new Chainguard account must be created and configured for access to Chainguard Libraries. If you are already a Chainguard user, the Chainguard account owner in your organization can grant access to Chainguard Libraries.</description></item><item><title>Chainguard Libraries network requirements</title><link>https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/chainguard/libraries/network-requirements/</link><pubDate>Wed, 04 Jun 2025 09:30:00 +0000</pubDate><guid>https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/chainguard/libraries/network-requirements/</guid><description>Chainguard Libraries require specific network access to ensure secure delivery of hardened dependencies to your development environment. This guide details the domains and ports needed for authentication, package downloads, and verification tools.
Access for chainctl and other tools For initial configuration with chainctl as well as for verification of downloaded libraries with cosign and other tools, you must allow HTTPS access to the following domains:
dl.enforce.dev for download and update of chainctl issuer.</description></item><item><title>Chainguard Libraries verification</title><link>https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/chainguard/libraries/verification/</link><pubDate>Thu, 03 Jul 2025 12:00:00 +0000</pubDate><guid>https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/chainguard/libraries/verification/</guid><description>Overview Chainguard&amp;rsquo;s chainctl tool with the command libraries verify verifies that your language ecosystem dependencies come from Chainguard Libraries, providing critical visibility into your software supply chain security. By verifying binary artifacts across your projects and repositories, you can ensure dependencies are sourced from Chainguard&amp;rsquo;s hardened build environment rather than potentially compromised public repositories, identify opportunities to improve security posture, and maintain compliance with supply chain security policies.
Command characteristics:</description></item><item><title>CVE remediation for Chainguard Libraries</title><link>https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/chainguard/libraries/cve-remediation/</link><pubDate>Thu, 11 Sep 2025 00:00:00 +0000</pubDate><guid>https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/chainguard/libraries/cve-remediation/</guid><description>CVE remediation is a feature in Chainguard Libraries that provides security protection against critical and high CVEs, while medium or low CVEs are not considered. Applications often rely on older versions of libraries, but upstream maintainers may not apply and release patches for those versions. CVE remediation addresses this gap by applying vulnerability fixes from newer releases to older releases, particularly in cases where maintainers are no longer able to support and provide fixes.</description></item><item><title>Vulnerability scanners and Chainguard Libraries</title><link>https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/chainguard/libraries/scanners/</link><pubDate>Sat, 04 Oct 2025 12:00:00 +0000</pubDate><guid>https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/chainguard/libraries/scanners/</guid><description>Vulnerability scanners enable you to understand the potential security risks from libraries used within your applications.
Chainguard Libraries provides a trusted source for libraries typically downloaded from public repositories. Chainguard Libraries are rebuilt from the upstream open source project code repository content only. This keeps out malware that has no published source code and reduces almost all risk of software supply chain attacks. In addition, some library versions are available with CVE fixes applied.</description></item><item><title>Browsing Chainguard Libraries</title><link>https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/chainguard/libraries/browse/</link><pubDate>Thu, 03 Jul 2025 14:00:00 +0000</pubDate><guid>https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/chainguard/libraries/browse/</guid><description>Chainguard Libraries includes thousands of libraries and many more individual library versions and artifacts. Through the Chainguard Console, you can browse all available libraries and their versions, and inspect their characteristics before using them in your application development.
Access libraries in the Chainguard Console Log in to the Chainguard Console at https://console.chainguard.dev/.
In the left-hand navigation under Libraries, expand Ecosystems to find links for browsing Chainguard&amp;rsquo;s Java and Python libraries.</description></item><item><title>Chainguard Libraries FAQ</title><link>https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/chainguard/libraries/faq/</link><pubDate>Tue, 25 Mar 2025 08:04:00 +0000</pubDate><guid>https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/chainguard/libraries/faq/</guid><description>What security issues can Chainguard Libraries prevent? As detailed on the background and introduction pages, Chainguard Libraries are built directly from source in the Chainguard Factory and the resulting binaries are directly provided to you by Chainguard. Chainguard operates the whole supply chain for the package lifecycle as one reliable, secure partner. You can therefore avoid issues from the following software supply chain attack surface points:
Build pipeline Build system Dependency injection Bypass of CI/CD systems Library distribution Library consumption More information about these stages in the software supply chain is available on the Supply chain Levels for Software Artifacts (SLSA) website.</description></item><item><title>How does Chainguard Libraries plug into a developer's workflow?</title><link>https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/chainguard/libraries/how-libraries-plug-into-workflow/</link><pubDate>Sat, 02 Aug 2025 16:00:00 +0000</pubDate><guid>https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/chainguard/libraries/how-libraries-plug-into-workflow/</guid><description>Transcript Interviewer: So Dustin, how does Libraries actually plug into a developer workflow?
Dustin Kirkland: Yeah, so I used the word &amp;ldquo;hydrate&amp;rdquo; earlier. We hydrate typically a JFrog Artifactory or a Cloudsmith—we hydrate that registry of artifacts with Chainguard securely built artifacts. And we produce this constant flow of tens of thousands of those library version tuples into that environment. And our customers can come to us and get a license for our entire Java ecosystem or our entire Python ecosystem.</description></item><item><title>How does Chainguard Libraries help developers?</title><link>https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/chainguard/libraries/how-libraries-help-developers/</link><pubDate>Sat, 02 Aug 2025 16:00:00 +0000</pubDate><guid>https://deploy-preview-3175--ornate-narwhal-088216.netlify.app/chainguard/libraries/how-libraries-help-developers/</guid><description>Transcript Interviewer: So how does Chainguard Libraries help developers?
Dustin Kirkland: Yeah, so building off of that Chainguard Factory, we&amp;rsquo;ve actually repurposed all of that automation to not just build packages and containers, but actually fetch libraries directly from their upstream source and recompile those Java binaries—JARs—and those Python binaries—wheels—in a new format, or in the same format rather, but totally bootstrapped from source. The fact that we can rebuild those libraries means that we can actually patch them if necessary.</description></item></channel></rss>