Introducing Chainguard Libraries for Python: Malware-Resistant Dependencies Built Entirely from Source
New Python language libraries with end-to-end integrity help organizations build software safer and more efficiently
KIRKLAND, Wash., May 14, 2025 /PRNewswire/ -- Chainguard, the secure foundation for software development and deployment, today announced Chainguard Libraries for Python, an index of malware-resistant Python dependencies built securely from source on SLSA L2 infrastructure. By securely building every library and all of its dependencies from source, Chainguard Libraries for Python provides application security teams with confidence that malware has not been inserted during the build and distribution of libraries in the Python ecosystem, closing a significant gap in the threat landscape. To start, Chainguard has built nearly 10,000 of the most popular projects and will continuously grow its inventory of Python libraries to become the safe source for all open source.
The growing threat of malware in the Python ecosystem
Today, more than half of the world's developers rely on Python, a programming language that has become the foundation of modern AI and machine learning applications. As the popularity of Python has surged, so has the frequency and severity of supply chain attacks against the ecosystem. Notable malware attacks against popular Python packages like Ultralytics and PyTorch TorchTriton have shaken the community and demonstrated the risk of relying on traditional mechanisms (e.g., public registries like PyPI) for language library consumption. These public registries do minimal vetting of hosted artifacts, and they do not provide assurance that the distributed library matches its source code, exposing enterprises to supply chain attacks. Additionally, Python libraries are susceptible to supply chain attacks because many projects include more than just pure Python code — project maintainers often rebundle shared system libraries into their Python libraries to ensure stable behavior. This practice of rebundling OS dependencies into Python libraries obscures the components from security scanners, meaning the vulnerabilities they introduce to production environments go unnoticed and pose a serious risk for enterprise security.
With Chainguard Libraries for Python, Chainguard delivers malware protection for one of the most critical and vulnerable parts of the supply chain — the language dependencies that developers rely on to build and deploy applications. Up to now, application security teams have had no comprehensive solution for mitigating malware without disrupting their developers' workflows and productivity. This left enterprises susceptible to the risks of malicious code that could waste resources, steal application secrets, break production systems, or even leak customer data. Chainguard Libraries for Python integrates with existing artifact managers to empower application security teams to close this massive security hole while meeting developers how they work.
'Chainguard is rebuilding every component for a given library — Python, Java, or otherwise — from source so organizations can mitigate malware, have clear visibility into what exactly is in their software, and eliminate the risk of hidden supply chain vulnerabilities,' said Kim Lewandowski, Co-founder and Chief Product Officer, Chainguard. 'We're providing a secure, trusted source of Python libraries that allows enterprises to remove friction and add security without asking developers to change how they build and deploy software.'
Mitigating malware attacks across Python dependencies
Following the recent launch of Chainguard Libraries for Java, Chainguard is building every dependency for every Python library from source, combating malware injection at the build and distribution links of the open source supply chain. This reduces risk from supply chain threat vectors like compromised build processes, release pipelines, and distribution points. Isolating and rebuilding the shared system dependencies required by Python libraries allows Chainguard to eliminate an additional hidden attack vector stemming from bundled software components.
Chainguard Libraries for Python furthers the company's mission to be the safe source for open source and gives customers greater confidence to ship products more efficiently and securely. Chainguard now helps organizations secure even more of the modern development stack, starting with the OS and runtime environment with minimal, zero-CVE containers and virtual machines, and up to the application layer with language libraries for Python and Java.
'At Paylocity, application security is core to the modern HR, payroll and spend management software we're building,' said Joe Christian, Senior Engineering Manager, Application Security, Paylocity. 'Chainguard already helps us reduce our attack surface while giving our teams confidence in what they're shipping. We see promise in Chainguard Libraries for Python to ensure developers can build securely from the very first line of code.'
'MAN Energy Solutions enables its customers to achieve sustainable value creation in the transition towards a carbon neutral future. As a global provider of large-scale industrial machinery and energy solutions, software supply chain security is a top priority,' said Carsten Skov, Senior DevOps Engineer, MAN Energy Solutions. 'Chainguard Containers have already helped us ensure that our containerized analytics workloads are built and run securely by default. Now, we're excited about the potential of Chainguard Libraries for Python to further strengthen our software supply chain by mitigating the risks posed by unverified dependencies and malware in the Python ecosystem. Securing these workloads plays a key role in ensuring that the MAN-CEON Digital Ecosystem continues to meet the requirements of ISO/IEC 27001:2022 and ABS Cyber Safety Certification.'
Chainguard Libraries for Python is now available in early access. For more information, visit https://www.chainguard.dev/libraries
About Chainguard
Chainguard is the secure foundation for software development and deployment. By providing guarded open source software with Chainguard Containers, VMs, and Libraries, built from source and updated continuously, Chainguard helps organizations eliminate threats in their software supply chains. Its customers include Fortune 500 enterprises and global industry leaders, including Anduril, ANZ Bank, Canva, Hewlett Packard Enterprise, MAN Energy Solutions, Snap Inc., and Snowflake. Chainguard is venture-backed by leading investors, including Amplify, IVP, Kleiner Perkins, Lightspeed Venture Partners, Mantis VC, Redpoint Ventures, Sequoia Capital, and Spark Capital. For more information, visit: https://www.chainguard.dev/
View original content to download multimedia: https://www.prnewswire.com/news-releases/introducing-chainguard-libraries-for-python-malware-resistant-dependencies-built-entirely-from-source-302454677.html
SOURCE Chainguard