Introducing Chainguard Libraries for Python: Malware-Resistant Dependencies Built Entirely from Source

New Python language libraries with end-to-end integrity help organizations build software safer and more efficiently
KIRKLAND, Wash., May 14, 2025 /PRNewswire/ -- Chainguard, the secure foundation for software development and deployment, today announced Chainguard Libraries for Python, an index of malware-resistant Python dependencies built securely from source on SLSA L2 infrastructure. By securely building every library and all of its dependencies from source, Chainguard Libraries for Python provides application security teams with confidence that malware has not been inserted during the build and distribution of libraries in the Python ecosystem, closing a significant gap in the threat landscape. To start, Chainguard has built nearly 10,000 of the most popular projects and will continuously grow its inventory of Python libraries to become the safe source for all open source.
The growing threat of malware in the Python ecosystem
Today, more than half of the world's developers rely on Python, a programming language that has become the foundation of modern AI and machine learning applications. As the popularity of Python has surged, so has the frequency and severity of supply chain attacks against the ecosystem. Notable malware attacks against popular Python packages like Ultralytics and PyTorch TorchTriton have shaken the community and demonstrated the risk of relying on traditional mechanisms (e.g., public registries like PyPI) for language library consumption. These public registries do minimal vetting of hosted artifacts, and they do not provide assurance that the distributed library matches its source code, exposing enterprises to supply chain attacks. Additionally, Python libraries are susceptible to supply chain attacks because many projects include more than just pure Python code — project maintainers often rebundle shared system libraries into their Python libraries to ensure stable behavior. This practice of rebundling OS dependencies into Python libraries obscures the components from security scanners, meaning the vulnerabilities they introduce to production environments go unnoticed and pose a serious risk for enterprise security.
With Chainguard Libraries for Python, Chainguard delivers malware protection for one of the most critical and vulnerable parts of the supply chain — the language dependencies that developers rely on to build and deploy applications. Up to now, application security teams have had no comprehensive solution for mitigating malware without disrupting their developers' workflows and productivity. This left enterprises susceptible to the risks of malicious code that could waste resources, steal application secrets, break production systems, or even leak customer data. Chainguard Libraries for Python integrates with existing artifact managers to empower application security teams to close this massive security hole while meeting developers how they work.
'Chainguard is rebuilding every component for a given library — Python, Java, or otherwise — from source so organizations can mitigate malware, have clear visibility into what exactly is in their software, and eliminate the risk of hidden supply chain vulnerabilities,' said Kim Lewandowski, Co-founder and Chief Product Officer, Chainguard. 'We're providing a secure, trusted source of Python libraries that allows enterprises to remove friction and add security without asking developers to change how they build and deploy software.'
Mitigating malware attacks across Python dependencies
Following the recent launch of Chainguard Libraries for Java, Chainguard is building every dependency for every Python library from source, combating malware injection at the build and distribution links of the open source supply chain. This reduces risk from supply chain threat vectors like compromised build processes, release pipelines, and distribution points. Isolating and rebuilding the shared system dependencies required by Python libraries allows Chainguard to eliminate an additional hidden attack vector stemming from bundled software components.
Chainguard Libraries for Python furthers the company's mission to be the safe source for open source and gives customers greater confidence to ship products more efficiently and securely. Chainguard now helps organizations secure even more of the modern development stack, starting with the OS and runtime environment with minimal, zero-CVE containers and virtual machines, and up to the application layer with language libraries for Python and Java.
'At Paylocity, application security is core to the modern HR, payroll and spend management software we're building,' said Joe Christian, Senior Engineering Manager, Application Security, Paylocity. 'Chainguard already helps us reduce our attack surface while giving our teams confidence in what they're shipping. We see promise in Chainguard Libraries for Python to ensure developers can build securely from the very first line of code.'
'MAN Energy Solutions enables its customers to achieve sustainable value creation in the transition towards a carbon neutral future. As a global provider of large-scale industrial machinery and energy solutions, software supply chain security is a top priority,' said Carsten Skov, Senior DevOps Engineer, MAN Energy Solutions. 'Chainguard Containers have already helped us ensure that our containerized analytics workloads are built and run securely by default. Now, we're excited about the potential of Chainguard Libraries for Python to further strengthen our software supply chain by mitigating the risks posed by unverified dependencies and malware in the Python ecosystem. Securing these workloads plays a key role in ensuring that the MAN-CEON Digital Ecosystem continues to meet the requirements of ISO/IEC 27001:2022 and ABS Cyber Safety Certification.'
Chainguard Libraries for Python is now available in early access. For more information, visit https://www.chainguard.dev/libraries
About Chainguard
Chainguard is the secure foundation for software development and deployment. By providing guarded open source software with Chainguard Containers, VMs, and Libraries, built from source and updated continuously, Chainguard helps organizations eliminate threats in their software supply chains. Its customers include Fortune 500 enterprises and global industry leaders, including Anduril, ANZ Bank, Canva, Hewlett Packard Enterprise, MAN Energy Solutions, Snap Inc., and Snowflake. Chainguard is venture-backed by leading investors, including Amplify, IVP, Kleiner Perkins, Lightspeed Venture Partners, Mantis VC, Redpoint Ventures, Sequoia Capital, and Spark Capital. For more information, visit: https://www.chainguard.dev/
View original content to download multimedia: https://www.prnewswire.com/news-releases/introducing-chainguard-libraries-for-python-malware-resistant-dependencies-built-entirely-from-source-302454677.html
SOURCE Chainguard
