Chainguard has announced Chainguard Libraries, a catalog of guarded Java language libraries built securely from source on SLSA Level 2 infrastructure. The offering provides a standardized, malware-free source for Java dependencies, reducing supply chain security risks while streamlining developer workflows.

By eliminating friction-heavy package curation, Chainguard Libraries allows enterprises to ship software faster without sacrificing security. The catalog includes 20,000 popular Java dependencies with five years of version coverage, ensuring safer consumption of open-source packages.

“Developers need a better way to consume open source language dependencies that unites ease of use with trusted security. Chainguard Libraries provides a secure, trusted source for Java dependencies, built entirely from source in Chainguard’s hardened environment,” said Dan Lorenc, CEO and Co-founder, Chainguard.

“By eliminating the supply chain security risks associated with traditional public registries, we’re helping enterprises lock down a critical attack vector in their environments. At the same time, we’re making developers’ lives easier by removing the friction of manual or policy-based package curation and giving them one trusted source for dependencies that integrates seamlessly into their existing workflows. With Chainguard Libraries, organizations can build faster and safer, without any compromises,” Lorenc added.

The launch builds on Chainguard’s success in securing container images and extends its mission to enhance open-source security across compute modalities and the software development lifecycle. Industry experts, including Katie Norton, Research Manager at IDC, have highlighted the growing need for verifiable, trusted software components.

Chainguard Libraries is currently available in Beta. Developers can sign up at chainguard.dev/libraries to gain early access.