CHAINGUARD LABS

Original research on software security

Learn from our team of developers, maintainers, academics and researchers to help you secure your supply chain.


April 30, 2024

Whitepapers
The State of Hardened Container Images Report

March 28, 2024

Research
Why end-of-life software means 400+ CVEs per year

February 22, 2024

Research
Get 'em while they're hot! How and why Wolfi releases are so fast

February 6, 2024

Whitepapers
Why Your Company is Wasting Thousands of Hours on Software Vulnerabilities

September 11, 2023

Research
Stemming the tide of false positive vulnerabilities

August 3, 2023

Research
The zero CVE challenge: Can official Docker Hub images pass the test?

July 23, 2023

Research
Bad Snakes: Understanding and Improving Python Package Index Malware Scanning

July 18, 2023

Commentary
Bugs in the Software Liability Debate

June 25, 2023

Articles
Good MLOps is good ML supply chain security

June 6, 2023

Commentary
The Open-Source Software in Our Pockets Needs Our Help

May 10, 2023

Research
Speranza: Usable, privacy-friendly software signing

May 3, 2023

Research
Enforce Against Vulnerability Sprawl with Up-to-Date Images

March 15, 2023

Research
SLSA++ A Survey of Software Supply Chain Security Practices and Beliefs

March 15, 2023

Articles
New SLSA++ Survey Reveals Real-World Developer Approaches to Software Supply Chain Security

March 1, 2023

Research
A Software Supply Chain Security Audit of Git

January 19, 2023

Research
Are SBOMs Good Enough for Government Work?

December 21, 2022

Research
Are SBOMs Any Good?: Preliminary Measurement of the Quality of Open Source Project SBOMs

November 30, 2022

Articles
Securing the Machine Learning Supply Chain

November 10, 2022

Commentary
The Securing Open Source Software Act Is Good, but Whatever Happened to Legal Liability?

November 9, 2022

Research
Software Dark Matter is the Enemy of Software Transparency

November 7, 2022

Research
Sigstore: Software Signing for Everybody

October 17, 2022

Commentary
When will SBOMs finally benefit the federal government’s software supply chain?

October 13, 2022

Research
Hunting Malware on Package Repositories

August 25, 2022

Commentary
Should Uncle Sam Worry About ‘Foreign’ Open-Source Software? Geographic Known Unknowns and Open-Source Software Security

August 23, 2022

Research
Taming Bad Python Packages: Assessing Python Malware Detectors with a Benchmark Dataset

June 21, 2022

Articles
Is Open Source Eating the World’s Software? Measuring the Proportion of Open Source in Proprietary Software Using Java Binaries

March 31, 2022

Whitepapers
All About That Base Image