Chainguard Blog
Featured posts
Chainguard Libraries for Java is now GA and includes CVE remediation
Chainguard Libraries for Java is now GA, delivering CVE-remediated dependencies with SBOMs, provenance, and scanner-recognized fixes.
Ross Gordon, Staff Product Marketing Manager
Building a category: Chainguard named a Leader in the inaugural Gartner® Magic Quadrant™ for Software Supply Chain Security
Gartner names Chainguard a Leader in Software Supply Chain Security, highlighting its secure-by-default approach and market vision.
Patrick Donahue, SVP, Product, and Sam Katzen, Director, Product Marketing
Latest updates
- open source
7 reasons you should plan to adopt Sigstore in 2023
Tracy Miranda, Head of Open Source
- research
Software dark matter is the enemy of software transparency
John Speed Meyers, Adolfo Veytia, Dan Luhring, Zack Newman, and Santiago Torres-Arias
- news
Mitigating OpenSSL vulnerability with Chainguard
Dan Lorenc, CEO
- open source
Life of a Sigstore signature
Zachary Newman, Principal Research Scientist and Jed Salazar, Solutions Architect
- news
Sigstore is now generally available
Priya Wadhwa, Engineering Manager
- news
Chainguard at KubeCon North America: October 24-28!
Chainguard Team
- engineering
Is CVE-2022-42889 the next Log4Shell? Not really.
Ariadne Conill, Principal Software Engineer
- open source
Chainguard enthusiastically supports donating ko to CNCF
Jason Hall, Software Engineer
- research
Hunting malware on package repositories
Ly D. Vu, Zachary Newman, and John Speed Meyers
- research
What’s in the CNSA Suite, and who should care?
Zachary Newman, Principal Research Scientist
- security
Putting VEX to work
Adolfo García Veytia, Staff OSS Engineer
- news
What’s software supply chain security got to do with the State of DevOps Report? A Lot.
John Speed Meyers, Principal Research Scientist and Todd Kulesza (Google)