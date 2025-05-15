Chainguard launches malware-resistant dependencies for Python


The Python programming language has become the foundation of modern AI and machine learning applications. Of course, that makes it a prime target for supply chain attacks.

Public registries do minimal vetting of hosted artifacts, and they don't provide assurance that the distributed library matches its source code, exposing enterprises to supply chain attacks. Python libraries are also susceptible to supply chain attacks because many projects include more than just pure Python code -- for example, project maintainers often rebundle shared system libraries into their Python libraries to ensure stable behavior.

To help guard against these threats, Chainguard is launching Chainguard Libraries for Python, an index of malware-resistant Python dependencies built securely from source on SLSA L2 infrastructure.

By securely building every library and all of its dependencies from source, Chainguard Libraries for Python provides application security teams with confidence that malware hasn’t been inserted during the build and distribution of libraries in the Python ecosystem.

"Chainguard is rebuilding every component for a given library -- Python, Java, or otherwise -- from source so organizations can mitigate malware, have clear visibility into what exactly is in their software, and eliminate the risk of hidden supply chain vulnerabilities," says Kim Lewandowski, co-founder and chief product officer at Chainguard. "We're providing a secure, trusted source of Python libraries that allows enterprises to remove friction and add security without asking developers to change how they build and deploy software."

The index integrates with existing artifact managers, so application security teams can close this security hole without disrupting developers' work.

Building every dependency for every Python library from source combats malware injection at the build and distribution links of the open source supply chain. This reduces risk from supply chain threat points like compromised build processes, release pipelines, and distribution points. Isolating and rebuilding the shared system dependencies required by Python libraries allows Chainguard to eliminate an additional hidden attack vector stemming from bundled software components.
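The two weak points described above -- a distributed artifact that nobody has checked against its source, and native shared libraries rebundled inside a wheel -- are both visible from the wheel file itself. The script below is an added example, not Chainguard's code or tooling: it builds a small constructed wheel in memory (hypothetical package `demo`, with a `demo.libs/` directory in the layout commonly used for vendored system libraries), lists the native code it carries, checks every member against the wheel's own `RECORD` digests, and applies the whole-artifact hash comparison that pip's `--require-hashes` mode performs against a pinned digest. All file names and contents are constructed for the example.

```python
"""Inspect a Python wheel for bundled native code and verify its integrity.

Added example, not Chainguard code. The wheel is constructed inline so the
script runs offline; package name, paths and contents are hypothetical.
"""
import base64
import csv
import hashlib
import hmac
import io
import re
import zipfile

PKG = "demo"                     # hypothetical package name
DIST_INFO = "demo-1.0.dist-info"  # hypothetical metadata directory
NATIVE_RE = re.compile(r"\.(so(\.\d+)*|dll|dylib|pyd)$", re.IGNORECASE)


def _record_digest(data: bytes) -> str:
    """Digest in the format wheel RECORD files use: urlsafe base64 sha256, no padding."""
    return base64.urlsafe_b64encode(hashlib.sha256(data).digest()).rstrip(b"=").decode()


def build_sample_wheel() -> bytes:
    """Constructed sample wheel: pure-Python code, a compiled extension module,
    and a vendored shared library under demo.libs/ (the layout used when
    maintainers rebundle system libraries into a wheel)."""
    files = {
        f"{PKG}/__init__.py": b"VERSION = '1.0'\n",
        f"{PKG}/_speedup.cpython-312-x86_64-linux-gnu.so": b"\x7fELF" + b"\0" * 60,
        f"{PKG}.libs/libfoo-abc123.so.1": b"\x7fELF" + b"\0" * 60,
        f"{DIST_INFO}/METADATA": b"Name: demo\nVersion: 1.0\n",
    }
    record = "".join(f"{p},sha256={_record_digest(d)},{len(d)}\n" for p, d in files.items())
    record += f"{DIST_INFO}/RECORD,,\n"  # RECORD lists itself without a digest
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for path, data in files.items():
            zf.writestr(path, data)
        zf.writestr(f"{DIST_INFO}/RECORD", record)
    return buf.getvalue()


def native_files(wheel_bytes: bytes) -> dict:
    """Split native code in the wheel into the package's own extension modules
    and shared libraries vendored in from the system (<pkg>.libs/ directory)."""
    out = {"extension_modules": [], "vendored_libs": []}
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        for name in zf.namelist():
            if not NATIVE_RE.search(name):
                continue
            key = "vendored_libs" if name.split("/")[0].endswith(".libs") else "extension_modules"
            out[key].append(name)
    return out


def verify_record(wheel_bytes: bytes) -> list:
    """Check every member against the RECORD digests and return the problems found.
    This proves internal consistency only; it says nothing about whether the
    wheel was actually built from the published source."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        record_name = next(n for n in zf.namelist() if n.endswith(".dist-info/RECORD"))
        expected = {}
        for row in csv.reader(io.StringIO(zf.read(record_name).decode())):
            if row and row[0] != record_name:
                expected[row[0]] = row[1]
        for name in zf.namelist():
            if name == record_name:
                continue
            if name not in expected:
                problems.append(f"not in RECORD: {name}")
                continue
            if "sha256=" + _record_digest(zf.read(name)) != expected[name]:
                problems.append(f"digest mismatch: {name}")
    return problems


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_pinned(wheel_bytes: bytes, pinned_sha256: str) -> bool:
    """The check pip performs with --require-hashes: the whole artifact must match
    the digest recorded at pin time, so a swapped or modified wheel is rejected."""
    return hmac.compare_digest(sha256_hex(wheel_bytes), pinned_sha256.lower())


def with_member(wheel_bytes: bytes, path: str, data: bytes) -> bytes:
    """Copy of the wheel with one member added or replaced; used to show how a
    post-build modification shows up in the two checks above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as src, zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in src.namelist():
            dst.writestr(name, data if name == path else src.read(name))
        if path not in src.namelist():
            dst.writestr(path, data)
    return buf.getvalue()


if __name__ == "__main__":
    wheel = build_sample_wheel()
    pinned = sha256_hex(wheel)  # what a lockfile would record at pin time
    print("native code:", native_files(wheel))
    print("RECORD problems:", verify_record(wheel))
    modified = with_member(wheel, f"{PKG}.libs/libextra.so.2", b"\x7fELF" + b"\0" * 8)
    print("pinned hash still matches:", verify_pinned(modified, pinned))
    print("RECORD problems after modification:", verify_record(modified))
```

The two checks answer different questions. The `RECORD` comparison catches a wheel whose contents were altered after it was built, and the pinned-hash comparison catches a wheel that was swapped out between pinning and installation. Neither establishes that the compiled extension module or the vendored `.so` under `demo.libs/` corresponds to the published source; that gap is exactly what a rebuild from source is meant to close.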

Chainguard Libraries for Python is now available in early access and you can find out more on the Chainguard site.

Image credit: Acnalesky/Dreamstime.com

© 1998-2025 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.