New Python language libraries with end-to-end integrity help organizations build software safer and more efficiently
Chainguard, a leading provider of secure software development and deployment solutions, has announced the release of Chainguard Libraries for Python. This new offering is an index of malware-resistant Python dependencies, meticulously built from source using SLSA L2 infrastructure. By constructing every library and its dependencies from the ground up, Chainguard Libraries for Python ensures that no malware is introduced during the build and distribution processes. This initiative addresses a significant gap in application security, offering teams peace of mind when working with Python libraries. Initially, Chainguard has developed nearly 10,000 of the most popular Python projects, with plans to continuously expand the inventory, aiming to become the trusted source for open-source Python libraries.
The Rising Threat of Malware in Python Development
Python, a cornerstone of modern AI and machine learning, is utilized by over half of developers worldwide. However, as its popularity has grown, so has the threat of supply chain attacks. Recent malware incidents targeting popular Python packages like Ultralytics and PyTorch TorchTriton have highlighted the vulnerabilities within the ecosystem. These attacks expose the risks of relying on public registries such as PyPI, which typically perform minimal vetting of hosted artifacts. Moreover, many Python projects include rebundled system libraries to maintain stability, inadvertently introducing hidden vulnerabilities that can go undetected by security scanners.
Chainguard Libraries for Python offers a robust solution by securely building libraries from the source, addressing a crucial weak point in the software supply chain. This approach not only minimizes the risk of malware but also integrates seamlessly into existing artifact management systems, empowering security teams without disrupting developers’ workflows. Enterprises can thus mitigate the dangers posed by malicious code, which can compromise system integrity, waste resources, or even expose sensitive data.
“Chainguard is rebuilding every component for a given library — Python, Java, or otherwise — from source so organizations can mitigate malware, have clear visibility into what exactly is in their software, and eliminate the risk of hidden supply chain vulnerabilities,” said Kim Lewandowski, Co-founder and Chief Product Officer, Chainguard. “We’re providing a secure, trusted source of Python libraries that allows enterprises to remove friction and add security without asking developers to change how they build and deploy software.”
Also Read: Azul and Moderne Partner to Enhance Java Developer Output
Strengthening Python Dependency Security
Following the successful launch of Chainguard Libraries for Java, the company is now applying its rigorous security standards to Python. By isolating and rebuilding the necessary system dependencies, Chainguard eliminates potential attack vectors associated with bundled software components. This proactive approach mitigates risks arising from compromised build processes, release pipelines, and distribution points.
Chainguard Libraries for Python aligns with the company’s commitment to secure open-source software, enhancing the entire development stack from OS and runtime environments to application-level libraries. This comprehensive security model helps organizations deploy software with greater confidence.
“At Paylocity, application security is core to the modern HR, payroll, and spend management software we’re building,” said Joe Christian, Senior Engineering Manager, Application Security, Paylocity. “Chainguard already helps us reduce our attack surface while giving our teams confidence in what they’re shipping. We see promise in Chainguard Libraries for Python to ensure developers can build securely from the very first line of code.”
“MAN Energy Solutions enables its customers to achieve sustainable value creation in the transition towards a carbon-neutral future. As a global provider of large-scale industrial machinery and energy solutions, software supply chain security is a top priority,” said Carsten Skov, Senior DevOps Engineer, MAN Energy Solutions. “Chainguard Containers have already helped us ensure that our containerized analytics workloads are built and run securely by default. Now, we’re excited about the potential of Chainguard Libraries for Python to further strengthen our software supply chain by mitigating the risks posed by unverified dependencies and malware in the Python ecosystem. Securing these workloads plays a key role in ensuring that the MAN-CEON Digital Ecosystem continues to meet the requirements of ISO/IEC 27001:2022 and ABS Cyber Safety Certification.”