Introducing Chainguard Libraries for Python: Malware-Resistant Dependencies Built Entirely from Source
New Python language libraries with end-to-end integrity help organizations build software safer and more efficiently
KIRKLAND, Wash., May 14, 2025 /PRNewswire/ -- Chainguard, the secure foundation for software development and deployment, today announced Chainguard Libraries for Python, an index of malware-resistant Python dependencies built securely from source on SLSA L2 infrastructure. By securely building every library and all of its dependencies from source, Chainguard Libraries for Python provides application security teams with confidence that malware has not been inserted during the build and distribution of libraries in the Python ecosystem, closing a significant gap in the threat landscape. To start, Chainguard has built nearly 10,000 of the most popular projects and will continuously grow its inventory of Python libraries to become the safe source for all open source.
The growing threat of malware in the Python ecosystem
Today, more than half of the world's developers rely on Python, a programming language that has become the foundation of modern AI and machine learning applications. As the popularity of Python has surged, so has the frequency and severity of supply chain attacks against the ecosystem. Notable malware attacks against popular Python packages like Ultralytics and PyTorch TorchTriton have shaken the community and demonstrated the risk of relying on traditional mechanisms (e.g., public registries like PyPI) for language library consumption. These public registries do minimal vetting of hosted artifacts, and they do not provide assurance that the distributed library matches its source code, exposing enterprises to supply chain attacks. Additionally, Python libraries are susceptible to supply chain attacks because many projects include more than just pure Python code — project maintainers often rebundle shared system libraries into their Python libraries to ensure stable behavior. This practice of rebundling OS dependencies into Python libraries obscures the components from security scanners, meaning the vulnerabilities they introduce to production environments go unnoticed and pose a serious risk for enterprise security.
With Chainguard Libraries for Python, Chainguard delivers malware protection for one of the most critical and vulnerable parts of the supply chain — the language dependencies that developers rely on to build and deploy applications. Up to now, application security teams have had no comprehensive solution for mitigating malware without disrupting their developers' workflows and productivity. This left enterprises susceptible to the risks of malicious code that could waste resources, steal application secrets, break production systems, or even leak customer data. Chainguard Libraries for Python integrates with existing artifact managers to empower application security teams to close this massive security hole while meeting developers where they work.
'Chainguard is rebuilding every component for a given library — Python, Java, or otherwise — from source so organizations can mitigate malware, have clear visibility into what exactly is in their software, and eliminate the risk of hidden supply chain vulnerabilities,' said Kim Lewandowski, Co-founder and Chief Product Officer, Chainguard. 'We're providing a secure, trusted source of Python libraries that allows enterprises to remove friction and add security without asking developers to change how they build and deploy software.'
Mitigating malware attacks across Python dependencies
Following the recent launch of Chainguard Libraries for Java, Chainguard is building every dependency for every Python library from source, combating malware injection at the build and distribution links of the open source supply chain. This reduces risk from supply chain threat vectors like compromised build processes, release pipelines, and distribution points. Isolating and rebuilding the shared system dependencies required by Python libraries allows Chainguard to eliminate an additional hidden attack vector stemming from bundled software components.
Chainguard Libraries for Python furthers the company's mission to be the safe source for open source and gives customers greater confidence to ship products more efficiently and securely. Chainguard now helps organizations secure even more of the modern development stack, starting with the OS and runtime environment with minimal, zero-CVE containers and virtual machines, and up to the application layer with language libraries for Python and Java.
'At Paylocity, application security is core to the modern HR, payroll and spend management software we're building,' said Joe Christian, Senior Engineering Manager, Application Security, Paylocity. 'Chainguard already helps us reduce our attack surface while giving our teams confidence in what they're shipping. We see promise in Chainguard Libraries for Python to ensure developers can build securely from the very first line of code.'
'MAN Energy Solutions enables its customers to achieve sustainable value creation in the transition towards a carbon neutral future. As a global provider of large-scale industrial machinery and energy solutions, software supply chain security is a top priority,' said Carsten Skov, Senior DevOps Engineer, MAN Energy Solutions. 'Chainguard Containers have already helped us ensure that our containerized analytics workloads are built and run securely by default. Now, we're excited about the potential of Chainguard Libraries for Python to further strengthen our software supply chain by mitigating the risks posed by unverified dependencies and malware in the Python ecosystem. Securing these workloads plays a key role in ensuring that the MAN-CEON Digital Ecosystem continues to meet the requirements of ISO/IEC 27001:2022 and ABS Cyber Safety Certification.'
Chainguard Libraries for Python is now available in early access. For more information, visit https://www.chainguard.dev/libraries
About Chainguard
Chainguard is the secure foundation for software development and deployment. By providing guarded open source software with Chainguard Containers, VMs, and Libraries, built from source and updated continuously, Chainguard helps organizations eliminate threats in their software supply chains. Its customers include Fortune 500 enterprises and global industry leaders, including Anduril, ANZ Bank, Canva, Hewlett Packard Enterprise, MAN Energy Solutions, Snap Inc., and Snowflake. Chainguard is venture-backed by leading investors, including Amplify, IVP, Kleiner Perkins, Lightspeed Venture Partners, Mantis VC, Redpoint Ventures, Sequoia Capital, and Spark Capital. For more information, visit: https://www.chainguard.dev/
View original content to download multimedia: https://www.prnewswire.com/news-releases/introducing-chainguard-libraries-for-python-malware-resistant-dependencies-built-entirely-from-source-302454677.html
SOURCE Chainguard