CHAINGUARD LABS

Original research on software security

Learn from our team of developers, maintainers, academics and researchers to help you secure your supply chain.

Categories
Research
Articles
Whitepapers
Commentary
Popular topics
Policy
Malware
AL/ML
Base images
Sigstore
SBOM
Open source
SLSA
Save

February 6, 2024

Whitepapers
Why Your Company is Wasting Thousands of Hours on Software Vulnerabilities

June 25, 2023

Articles
Good MLOps is good ML supply chain security

June 6, 2023

Commentary
The Open-Source Software in Our Pockets Needs Our Help

May 10, 2023

Research
Speranza: Usable, privacy-friendly software signing

May 3, 2023

Research
Enforce Against Vulnerability Sprawl with Up-to-Date Images

March 15, 2023

Research
SLSA++ A Survey of Software Supply Chain Security Practices and Beliefs

March 15, 2023

Articles
New SLSA++ Survey Reveals Real-World Developer Approaches to Software Supply Chain Security

March 1, 2023

Research
A Software Supply Chain Security Audit of Git

January 19, 2023

Research
Are SBOMs Good Enough for Government Work?

December 21, 2022

Research
Are SBOMs Any Good?: Preliminary Measurement of the Quality of Open Source Project SBOMs

November 30, 2022

Articles
Securing the Machine Learning Supply Chain

November 10, 2022

Commentary
The Securing Open Source Software Act Is Good, but Whatever Happened to Legal Liability?

November 9, 2022

Research
Software Dark Matter is the Enemy of Software Transparency

November 7, 2022

Research
Sigstore: Software Signing for Everybody

October 17, 2022

Commentary
When will SBOMs finally benefit the federal government’s software supply chain?

October 13, 2022

Research
Hunting Malware on Package Repositories

August 25, 2022

Commentary
Should Uncle Sam Worry About ‘Foreign’ Open-Source Software? Geographic Known Unknowns and Open-Source Software Security

August 23, 2022

Research
Taming Bad Python Packages: Assessing Python Malware Detectors with a Benchmark Dataset

June 21, 2022

Articles
Is Open Source Eating the World’s Software? Measuring the Proportion of Open Source in Proprietary Software Using Java Binaries

March 31, 2022

Whitepapers
All About That Base Image