How does Chainguard prevent malware in Chainguard Libraries?
We have recently seen a spate of malware being introduced into open source libraries, specifically to target the software supply chain. This includes the attacks on Axios, LiteLLM, CanisterWorm, Elementary Data, SAP’s Cloud Application Programming Model, @TanStack, and Intercom. And that’s just some of the major attacks over the last 40 days. While these attacks have caused significant uncertainty, damage, and costs across the technology industry (the average cost of a data breach is estimated at $4.4M), Chainguard customers have been fully protected. This post explains why this has been the case, and how we continue to protect our customers with the best, most secure supply chain available.
Building from source
Chainguard provides open source dependencies that are built from source in our secure, controlled environment.
This simple statement provides the best-known layer of defense against malware injections. In this recent wave of supply chain attacks, a common attack vector has been the introduction of binary artifacts without corresponding source code. Poisonous binaries are inserted into the package itself, its dependency chain, or in the publishing pipeline. The trust-by-default nature of the general open source supply chain means that these binaries — which could do anything — are automatically added to consumers' laptops, servers, and infrastructure, where they can wreak havoc. Our research shows that 98%+ of malware lacks publicly verifiable source code. By building from source, we ensure that Chainguard-built packages are protected against malware. When source code is published, it can be vetted by the community, built by Chainguard, and made available to our customers’ environments.
While this statement is simple, achieving it is difficult. Chainguard has applied its years of experience in building secure, trustworthy container images at scale to solve this problem. It is only because of our bespoke, AI-powered Factory that we are able to rebuild millions of packages from millions of different developers and communities, each with a different way of building and compiling. In particular, one challenge is identifying the commit or release that corresponds to a published artifact, as this process is non-standard and often a low priority for developers. Being able to make these links, though, is required to reproduce the upstream artifacts from source ourselves.
With Chainguard Libraries, customers rely on a single controlled, auditable system rather than trusting the varying security standards of thousands of independent build environments. In addition, Chainguard automatically removes any steps in the build process that are fundamentally risky, prone to abuse, or outright unsafe. For example, Chainguard Libraries will not run install-time scripts, which is how malware in the Axios package was introduced. Operating within these constraints often requires significant effort to achieve the same result, but this is the promise and value that Chainguard repeatedly brings to the software supply chain. Similarly, when publisher credentials were used to ship two malicious versions of LiteLLM, the updates lacked publicly verifiable source code. Again, by building exclusively from source, Chainguard ensures our catalog of packages is not vulnerable to this entire threat vector.
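A consumer-side check for the install-time script risk described above, as an added example (not Chainguard's code and not part of the original post): it reads an npm v2/v3 lockfile and reports every dependency that declares an install script and has not been reviewed. The sample lockfile, package names and the allowlist policy are constructed for illustration.

```javascript
// Added example: flag lockfile entries that declare install-time scripts.
// npm lockfile v2/v3 sets "hasInstallScript": true on any package that
// ships a preinstall, install or postinstall script.

// Constructed sample lockfile (package names and versions are made up).
const SAMPLE_LOCK = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/example-http-client": { version: "2.3.1" },
    "node_modules/example-native-addon": { version: "4.0.2", hasInstallScript: true },
    "node_modules/example-http-client/node_modules/example-helper": {
      version: "0.0.1", hasInstallScript: true
    },
    "node_modules/@example-scope/tool": { version: "1.1.0", hasInstallScript: true, dev: true }
  }
};

// Derive the package name from a lockfile path key, handling nesting and scopes.
function packageName(lockPath) {
  const marker = "node_modules/";
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? lockPath : lockPath.slice(idx + marker.length);
}

// Return every dependency with an install script that is not explicitly approved.
// `allowlist` holds reviewed "name@version" strings (a hypothetical team policy).
function unapprovedInstallScripts(lock, allowlist = new Set()) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "" || !meta.hasInstallScript) continue;
    const id = `${packageName(path)}@${meta.version}`;
    if (!allowlist.has(id)) findings.push({ id, path, dev: Boolean(meta.dev) });
  }
  return findings.sort((a, b) => (a.id < b.id ? -1 : a.id > b.id ? 1 : 0));
}

// Demo: one native addon has been reviewed; the other two entries are reported.
const approved = new Set(["example-native-addon@4.0.2"]);
for (const f of unapprovedInstallScripts(SAMPLE_LOCK, approved)) {
  console.log(`install script not approved: ${f.id} (${f.path})`);
}
```

In CI this would run against the project's real `package-lock.json` before an install performed with `npm ci --ignore-scripts`, so that no lifecycle script executes until it has been reviewed.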
Threat intelligence
In any good security approach, no matter how strong the design principles are, it’s vital to aim for defense-in-depth. While the built-from-source approach provides strong protection, it’s important to provide complementary mechanisms as well.
Chainguard provides this additional layer of protection through Sentinel, our next-generation orchestration system powered by Chainguard’s DriftlessAF agentic framework for consuming threat intelligence sources regarding the trustworthiness of our packages. Sentinel is designed to ingest a variety of intelligence sources and feeds, from simple binary indicators to more nuanced, grey-area signals, to provide Chainguard with high-quality signals about the software we build and distribute on an ongoing basis.
The precise details of how Sentinel operates and the feeds it consumes are deliberately kept secret to keep Chainguard one step ahead of bad actors. The details are constantly evolving as Chainguard continues to lead the fight to secure the software supply chain and protect customers against emerging, AI-assisted threats.
The legacy approach, and why it should be left behind
By securing your supply chain, you defend against the latest threats. Traditionally, this problem would have been addressed by running malware scans across your infrastructure or estate to monitor for known malware or suspicious activity. But monitoring, while important, still means you may have to take action to remediate once an issue is discovered.
In the era of AI, this scanning cannot react fast enough. As we have seen in recent attacks, introducing malicious code upstream to exfiltrate data from victims takes only minutes, and timelines are decreasing as new attacks land. For example, the new dependency used in the Axios attack, plain-crypto-js, was first published only 24 minutes before being used to exfiltrate data. This makes purely reactive controls insufficient. Malicious typosquatted versions of tanstack were available online for seven hours before anyone noticed. By the time an alert is generated, the damage may already be done. Once malware is in your environment, it can take only seconds to exfiltrate gigabytes worth of company data or private credentials. The only way to defend in this new era is to stop the attacks at the source, by building from source.
Responding to security alerts and incidents has been hard for a long time, and is only getting harder as the AI-powered generation of coding tools speeds up the software industry. The circumstances are ideal for a change in approach. The industry needs to go from fighting a constant uphill battle to switching to a secure-by-default security posture, where you don’t have to think about malware and don’t have to respond to alerts. Chainguard provides these commitments so that our customers can stop thinking about security, and rely on us to take care of that for them while they go build the next awesome thing.
Check out Chainguard Libraries to learn more about how you can protect your organization from the next supply chain attack.