Chainguard is expanding its technology with new vulnerability-free Java libraries and virtual machines. This should help developers create safer working environments, free of vulnerabilities that could otherwise end up in their software.
Preventing vulnerabilities in the original code of software and applications that could potentially lead to (supply chain) attacks is still a major problem for many companies. The solutions from the American startup Chainguard attempt to eliminate this problem from the start.
The startup is known for offering open-source container images that are completely free of vulnerabilities, which means vulnerabilities cannot be embedded in applications during the development process.
Introduction of Chainguard Libraries
The open-source specialist in secure development tools recently announced that it now offers developers an open-source and malware-free set of code libraries in addition to these vulnerability-free container images.
This set of Chainguard Libraries includes a catalog of monitored Java code libraries that are built securely from the start on a so-called Supply-chain Levels for Software Artifacts (SLSA) Level 2 infrastructure.
The Chainguard Libraries have been developed with end-to-end integrity and native package build and distribution protection. This makes these libraries a standard source from which developers can safely obtain their required Java dependencies, and it prevents them from introducing malware and other supply chain risks into their environments in any way.
In addition, Chainguard Libraries ensures that ‘friction-heavy’ package management is no longer necessary and integrates easily into various workflows and other developer tools. Examples include software repository managers such as JFrog Artifactory, Cloudsmith, and Sonatype Nexus.
Ultimately, this allows companies to release software faster, without compromising the security of these products.
Availability of Chainguard VMs
In addition to the new vulnerability-free Java libraries, Chainguard is now also introducing virtual machines (VMs) that are completely free of vulnerabilities: the Chainguard VMs.
More specifically, these are minimal, vulnerability-free VM images that are built from the start as secure container host images. This is in contrast to the current legacy general-purpose VMs.
The Chainguard VMs have been specially developed for cloud workloads and offer users a threat-resistant environment, independent of the underlying cloud, in which they can roll out and run containers.
In addition, these specific VMs help companies reduce the costs and management effort normally associated with maintaining hosted containers. According to Chainguard, they also provide companies with a more secure basis for their development activities.
Chainguard VMs offer advantages such as less overhead for engineers, continuous compliance to reduce vulnerabilities, a secure open-source base and constant open-source upgrades.
The tool is now in early access and is suitable for every (large) cloud provider. This means that there are different versions for managed container services such as Amazon EKS, self-managed container services on AWS EC2, Google Cloud Engine or Microsoft Azure.