Chainguard Adds Curated Repository to Secure JavaScript Libraries - DevOps.com
"The Chainguard Libraries for JavaScript service from Chainguard provides access to a collection of curated builds of thousands of common JavaScript dependencies that were created from source using a platform based on the Supply-chain Levels for Software Artifacts (SLSA) framework originally developed by Google. Chainguard then makes those libraries available as a set of containers or virtual machines that can be more easily deployed anywhere."
"As is the case with the Chainguard repositories for Java and Python applications, the Chainguard Libraries for JavaScript is also designed to integrate with existing artifact managers, such as JFrog Artifactory and Sonatype Nexus. As valuable a service that npm repositories have provided, the simple fact of the matter is that the maintainers of these platforms simply lack the resources and expertise required to curate JavaScript libraries, noted Donahue."
Chainguard launched a private beta offering curated JavaScript libraries to secure software supply chains. The service provides curated builds of thousands of common JavaScript dependencies built from source using a SLSA-based platform. Libraries are distributed as containers or virtual machines and integrate with artifact managers like JFrog Artifactory and Sonatype Nexus. The offering aims to reduce malware risk after several npm incidents, including the Shai-Hulud attack. Chainguard positions this as an enterprise-grade alternative because npm maintainers lack resources to curate libraries. Chainguard will refresh libraries to remove any newly discovered malware.
Read at DevOps.com