Chainguard Expands Repository to Add More Secure Open Source Libraries - DevOps.com

"Chainguard has rebuilt nearly one million unique versions of Java dependencies, including enterprise essentials such as Spring Boot, Jackson, Apache Commons, and Log4j, using the Chainguard Factory, an automated platform for creating software builds based on code originally found in open source software repositories."
"Chainguard provides DevOps teams with an alternative repository for downloading secure libraries and containers, constructed by developers that are augmented by artificial intelligence (AI) agents, to create libraries in a way that adheres to best DevSecOps practices."
"That approach eliminates the need to rely on individual application developers to test every component they use for known vulnerabilities. It's simply not realistic to expect developers to keep track of millions of open source libraries that are found in repositories all across the web."
Chainguard has significantly expanded its secure open source library offerings to include Java, JavaScript, and Python components, all rebuilt using its automated Chainguard Factory platform to meet SLSA Level 2 standards. The company has rebuilt nearly one million Java dependency versions, including Spring Boot and Log4j, and covers 88% of the top 500 JavaScript libraries and 94% of Python dependencies. The initiative responds to the discovery of over 450,000 malicious packages in the past year. By providing a curated repository built with AI-augmented development practices, Chainguard removes the burden on individual developers to manually test every component for vulnerabilities, recognizing that tracking millions of open source libraries across distributed repositories is impractical.