Chainguard Blog
Featured posts
Chainguard Libraries for Python: Now Generally Available with CVE Remediation and Malware Protection
Chainguard Libraries for Python, trusted open source language libraries designed for CVE remediation and malware protection, is now generally available.
Bria Giordano, Director, Product Marketing, and Anushka Iyer, Product Marketing Manager
The State of Trusted Open Source: December 2025
Chainguard’s State of Trusted Open Source for December 2025 dives into usage trends for Chainguard Containers, CVE data, and why remediation speed matters.
Ed Sawma, VP of Product Marketing, and Sasha Itkis, Product Analyst
Latest updates
- engineering
Not All SBOMs Are Created Equal
Ariadne Conill, Principal Software Engineer
- open source
Is Sigstore susceptible to psychic signatures? Sources say: sounds suspect
Zachary Newman, Principal Research Scientist
- news
Securing Software Repositories with the OpenSSF
Zachary Newman, Principal Research Scientist
- engineering
The principle of ephemerality
Matt Moore, CTO, and Ville Aikas, Distinguished Engineer
- engineering
Intro to OCI Reference Types
Josh Dolitsky, Staff Software Engineer
- news
YOLO Levels: Insecure Your Software Supply Chain!
Dan Lorenc, CEO
- engineering
Zero security debt for container images is possible
Roxanne Joncas
- open source
4 Key Sigstore Takeaways: Recap of Twitter Space with Kelsey Hightower
Lisa Tagliaferri, Director of Developer Education
- security
How Sigstore Can Help You and Your Team Follow the NIST SSDF Recommendations
Lisa Tagliaferri, Director of Developer Education
- security
SLSA vs. Software Supply Chain Attacks
John Speed Meyers, Head of Chainguard Labs
- security
Building trust in our software supply chains with SLSA
Kim Lewandowski, Chief Product Officer
- security
Avoid hidden security debt with these container maintenance best practices
Ariadne Conill, Principal Software Engineer