
Chainguard Launches the First Unified Repository for Secure-by-Default Open Source Artifacts

prnewswire.com

One experience for every container, library, OS package, virtual machine, CI/CD workflow, and agent skill that developers and AI agents consume, with security that improves automatically as Chainguard builds more artifacts from source

KIRKLAND, Wash., March 17, 2026 /PRNewswire/ -- Chainguard, the trusted source for open source, today announced Chainguard Repository, a single Chainguard-managed experience for pulling secure-by-default open source containers, dependencies, OS packages, virtual machine images, CI/CD workflows, and agent skills that have built-in, intelligent policies to enforce enterprise security standards. As businesses continue to rely on Chainguard for more of their open source artifacts, Chainguard Repository offers them new ways to govern how their engineering teams use open source software safely and compliantly.

The growing risk of AI-driven software development

Attackers are increasingly using AI to develop and prototype malware, perform prompt injection, hijack MCPs, and more. Nearly 455,000 new malicious packages flooded npm, PyPI, and Maven Central in 2025. Meanwhile, the average container carries more than 600 known CVEs, and 89% of container images in production contain known vulnerabilities. As AI increases the speed, scale, and sophistication of supply chain attacks, any vulnerability becomes more exploitable in the future. Even with AI coding tools, engineering teams face a tradeoff: move fast and accept more risk, or slow innovation to stay secure.

"AI is dramatically increasing the speed of software development for defenders and attackers alike. AI coding tools and autonomous agents are generating more code, pulling in more dependencies, and interacting with open source at a scale humans have never seen before," said Dan Lorenc, CEO and Co-founder of Chainguard. "Chainguard Repository is the trust layer for this new era. By giving developers a single, policy-enforced experience for open source, organizations can control what software enters their environments. In a world where software is increasingly generated and deployed autonomously, trust must be built into the foundation."

Automated security and compliance that improves over time

With Chainguard Repository, organizations connect once to a single Chainguard-managed experience with built-in, intelligent policies for secure-by-default open source artifacts. Starting today, customers can consume JavaScript libraries from Chainguard Repository, gaining access to more than 73,000 Chainguard-built JavaScript packages, only falling back to npm when necessary. Chainguard Libraries are built in a SLSA L3-compliant environment and eliminate 99.7% of malware by design. A cooldown protects the upstream fallback from npm malware by giving community researchers time to discover attacks before they are available in an organization's environment. As the AI-native Chainguard Factory builds more packages from source, an organization's security posture improves automatically without having to change settings, endpoints, or a line of code.

Later this year, Chainguard Repository will expand to Python and Java libraries, container images, OS packages, virtual machine images, CI/CD workflows, and agent skills, bringing the same secure-by-default experience and even more policy controls to the entire modern software stack. Additional policy types will include:

Trusted artifacts designed for engineers and AI agents to build safely and quickly

Chainguard Repository advances Chainguard's mission to make open source trustworthy by default by shifting security from reactive scanning and patching to secure-by-default at the point of consumption. Artifacts are built from verifiable, public source code, and intelligent policies add another layer of protection and compliance.

At its core, the repository delivers:

Chainguard Repository integrates with existing artifact managers or can be deployed as a standalone experience.

Chainguard Repository is available in beta. To be among the first organizations to try it, visit https://www.chainguard.dev/libraries/javascript.

About Chainguard

Chainguard is the trusted source for open source. By delivering hardened, secure, and production-ready builds of all the open source software engineers and AI agents rely on, Chainguard helps organizations build faster, stay compliant, and eliminate risk. Its customers include Fortune 500 enterprises and global industry leaders, including Anduril, Canva, Fortinet, Hewlett Packard Enterprise, OpenAI, Snap Inc., and Snowflake. Chainguard is venture-backed by leading investors, including Amplify, IVP, Kleiner Perkins, Lightspeed Venture Partners, Mantis VC, Redpoint Ventures, Sequoia Capital, and Spark Capital. For more information, visit: https://www.chainguard.dev/

SOURCE Chainguard