Chainguard Libraries for Python: Now Generally Available with CVE Remediation and Malware Protection
We’re excited to announce the General Availability (GA) for Chainguard Libraries for Python, trusted builds of open source language libraries designed to strengthen malware protection and accelerate CVE remediation.
The recent compromise of 20 popular npm packages, collectively downloaded over 2 billion times, underscores how increasingly sophisticated and widespread software supply chain attacks have become. Because the vast majority of supply chain attacks rely on injecting malicious code somewhere between the source repository and your download, we’re building directly from source to eliminate the risk of the overwhelming majority of malware attacks across all ecosystems. Chainguard Libraries eliminates the risk of consuming packages directly from public registries.
Every package is continuously monitored and distributed through Chainguard’s hardened infrastructure, ensuring integrity from source to production. In addition, Chainguard Libraries for Python now backports patches for select critical and high-severity vulnerabilities, easing the burden on developers by reducing the need to immediately upgrade to the latest versions just to stay secure.
Preventing malware-based exploits AND remediating CVEs
Open source supply chain attacks have become more aggressive and pervasive. Recent ecosystem breaches have exposed how easily threat actors can inject malicious code into dependencies and exploit build and registry vulnerabilities to push dangerous versions of packages to consumers.
We initially announced Chainguard Libraries knowing that our customers desperately needed a solution to the constant and growing threat of malware that did not slow down software builds. Working with over a hundred organizations during our initial beta release confirmed this.
Additionally, many customers asked if we could do something to address CVEs across their open source libraries. Updating libraries to the latest versions with CVE fixes is also incredibly time-consuming, with most customers unable to update immediately due to existing build cycle demands.
With this GA release, we are excited to offer CVE Remediation for Chainguard Libraries for Python, with plans to extend support to additional languages over time. This capability was developed in close collaboration with early adopters and power users, who have been testing it in real-world environments to ensure our patches are reliable in production.
With Chainguard Libraries, we fix high and critical Python CVEs by identifying upstream patches, running full tests to ensure nothing breaks, and shipping secure updates – complete with VEX advisories – so customers stay protected without any disruption.
This CVE remediation capability helps customers gain clear operational and security benefits, reducing both the time and risk associated with managing vulnerable dependencies:
- Lower risk: Vulnerabilities are removed from Libraries, significantly reducing the attack surface and exposure.
- Upgrade when ready: Customers can remain on the library versions that best fit their environments, without being forced into version upgrades just to patch a CVE, allowing customers to upgrade on their own schedule.
- Less reporting and toil: With automated remediation, teams spend less time tracking and remediating CVEs, managing exceptions, or writing security justifications.
- Streamlined exception management: Simplified processes for handling ‘approved’ libraries, vulnerability management, and compliance reporting.
- Integrations with key scanners: Integrations with scanners you’re already using, like Grype and Trivy, to demonstrate CVE reduction.
Get started today
Customers can use Chainguard Libraries for Python through their existing workflows and immediately benefit from CVE Remediation today. CVE fixes can be validated with scanners like Grype and Trivy, with more browsing capabilities to come.
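The post says remediated packages ship with VEX advisories and that the reduction can be checked with Grype or Trivy. The following added example (not Chainguard's code, and not a Chainguard-specific schema) makes visible what that check does: it reconciles a scanner's findings with an OpenVEX document so that a CVE the rebuilder has marked `fixed` for an exact package purl is suppressed, while the same CVE against a different version stays open. The CVE ids, package name, versions and the rebuilder identity are constructed placeholders; the JSON shapes follow OpenVEX and Grype's JSON output, with only the fields used here included.

```python
"""Reconcile scanner findings with an OpenVEX document (added example)."""
import json
from dataclasses import dataclass

# Constructed Grype-style JSON (only the fields used below). Three findings:
# two CVEs against examplelib 1.2.3 and one against an older 1.2.2 wheel.
GRYPE_OUTPUT = json.dumps({
    "matches": [
        {"vulnerability": {"id": "CVE-0000-11111", "severity": "High"},
         "artifact": {"name": "examplelib", "version": "1.2.3", "type": "python",
                      "purl": "pkg:pypi/examplelib@1.2.3"}},
        {"vulnerability": {"id": "CVE-0000-22222", "severity": "Critical"},
         "artifact": {"name": "examplelib", "version": "1.2.3", "type": "python",
                      "purl": "pkg:pypi/examplelib@1.2.3"}},
        {"vulnerability": {"id": "CVE-0000-11111", "severity": "High"},
         "artifact": {"name": "examplelib", "version": "1.2.2", "type": "python",
                      "purl": "pkg:pypi/examplelib@1.2.2"}},
    ]
})

# Constructed OpenVEX document from a hypothetical rebuilder: it asserts that
# CVE-0000-11111 is fixed in *its* build of examplelib 1.2.3 only.
VEX_DOCUMENT = json.dumps({
    "@context": "https://openvex.dev/ns/v0.2.0",
    "@id": "https://example.invalid/vex/examplelib-1.2.3",
    "author": "example rebuilder (placeholder)",
    "timestamp": "2025-01-01T00:00:00Z",
    "version": 1,
    "statements": [
        {"vulnerability": {"name": "CVE-0000-11111"},
         "products": [{"@id": "pkg:pypi/examplelib@1.2.3"}],
         "status": "fixed"},
    ],
})

# VEX statuses that justify dropping a finding; "affected" and
# "under_investigation" never do.
SUPPRESSING_STATUSES = {"fixed", "not_affected"}


@dataclass(frozen=True)
class Finding:
    cve: str
    purl: str
    severity: str


def parse_grype(raw: str) -> list[Finding]:
    """Extract (cve, purl, severity) triples from Grype JSON output."""
    doc = json.loads(raw)
    return [
        Finding(m["vulnerability"]["id"], m["artifact"]["purl"], m["vulnerability"]["severity"])
        for m in doc["matches"]
    ]


def vex_index(raw: str) -> dict[tuple[str, str], str]:
    """Map (cve, product purl) -> status for every statement in an OpenVEX doc."""
    doc = json.loads(raw)
    index: dict[tuple[str, str], str] = {}
    for stmt in doc["statements"]:
        cve = stmt["vulnerability"]["name"]
        for product in stmt["products"]:
            index[(cve, product["@id"])] = stmt["status"]
    return index


def reconcile(findings: list[Finding], index: dict[tuple[str, str], str]):
    """Split findings into those still open and those a VEX statement suppresses.

    The key is the exact (cve, purl) pair: a statement about 1.2.3 says nothing
    about 1.2.2, so the third constructed finding above stays open.
    """
    still_open: list[Finding] = []
    suppressed: list[tuple[Finding, str]] = []
    for f in findings:
        status = index.get((f.cve, f.purl))
        if status in SUPPRESSING_STATUSES:
            suppressed.append((f, status))
        else:
            still_open.append(f)
    return still_open, suppressed


if __name__ == "__main__":
    open_findings, dropped = reconcile(parse_grype(GRYPE_OUTPUT), vex_index(VEX_DOCUMENT))
    for f in open_findings:
        print(f"OPEN       {f.cve} {f.purl} ({f.severity})")
    for f, status in dropped:
        print(f"SUPPRESSED {f.cve} {f.purl} (VEX status: {status})")
```

Both scanners can consume OpenVEX documents directly (each exposes a `--vex` option), so in practice you would pass the advisory to the scanner rather than post-process its output; the block just makes the matching rule explicit. Two points matter when trusting such a suppression: the product identifier in the VEX statement must match the purl the scanner reports for the artifact you actually installed, and the VEX document must come from, and be verifiably signed by, whoever built that artifact, otherwise a `fixed` statement about a rebuilt wheel would silently hide a real finding against the upstream one.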
Chainguard Libraries for Python is now generally available. Sign up today to help your teams stay secure and compliant without slowing development.