Anchore Enterprise now validates Chainguard Libraries: prevent 98% of Python malware and eliminate high-severity CVE toil
Engineering teams face an impossible tradeoff: slow down to meet security standards and triage CVEs, or move fast and fall out of compliance. But this tradeoff doesn’t need to exist. Here’s the reality: your supply chain security is only as good as the software it scans.
If you use Anchore Enterprise to continuously monitor and enforce supply chain security policies, you know the challenge of a relentless stream of alerts generated by scanning packages from public, unverified registries. Staying secure and remediating the most severe CVEs is often a high-toil, reactive process that is driving up your operational cost and risk.
That’s why we’re excited to announce an expanded partnership with Anchore Enterprise, shifting your workflow from detection to elimination. Now, customers can leverage Anchore’s powerful scanning capabilities across Chainguard Libraries for Python — a trusted source of open source dependencies that proactively eliminates known and unknown risk.
This integration enables you to transition from reactive detection to proactive security. Anchore Enterprise v5.23.0 supports this integration.
Verification meets enforcement
Anchore Enterprise customers can now gain peace of mind that they're protected from both known critical and high-severity CVE risk and unknown malware risk when they use Chainguard Libraries for Python.
Using Chainguard Libraries with your Anchore Enterprise platform allows you to stop malware before it enters your environment, remediate CVEs, and integrate seamlessly into your workflow.
Stopping malware before it enters your environment
The foundation of Chainguard Libraries is verifiable trust. Every library version is built from source in a SLSA L2-certified, tamper-proof environment with full provenance and signed SBOMs.
According to research we published in June 2025, 98% of malware is inserted into Python libraries during the build or distribution stages. This means that scanning an untrusted registry is a race to detect a compromise that’s already happened. Chainguard Libraries for Python eliminates most of your malware risk by design, meaning you wouldn’t have been impacted by recent Python attacks such as num2words, ultralytics, and pytorch. By starting with libraries that are verified and traceable — built from source in a tamper-proof, SLSA L2-certified environment — you eliminate entire classes of malware before detection is even required.
Zero-toil CVE remediation, verified by Anchore Enterprise
This integration allows Anchore Enterprise to recognize when Chainguard has fixed a critical or high-severity CVE in a Python library by backporting the upstream fix. For development teams, this means engineers avoid the time-consuming CVE triage work that slows down product development. Your business remains secure while your team plans its next version upgrade.
For security teams, since Anchore Enterprise validates the Chainguard fix, you now have verifiable proof that the critical and high-severity CVEs are eliminated through Chainguard Libraries. This means fewer dashboards with red flashing lights, less ad-hoc triaging, and more time for your team to focus on mission-critical security work.
Seamless integration with your existing workflow
Joint customers of Chainguard Libraries for Python and Anchore Enterprise can now have a superior security posture without disrupting existing pipelines.
Anchore customers can use their existing workflows to validate Chainguard Libraries just as they do for containers, track overall risk reduction, and clearly measure the security gains achieved by shifting to trusted upstream dependencies.
Instead of scanning and triaging unknown packages from public registries, teams can start with libraries that already come verified, traceable, and significantly less vulnerable.
Together, Anchore and Chainguard Libraries help your organization move beyond reactive scanning and toward proactive, systemic risk elimination — making your supply chain audit-ready by default. Get in touch with our team to learn more about this partnership.