Chainguard ⛓️

314 npm packages compromised in 22 minutes this morning. echarts-for-react, timeago.js, the entire AntV suite. Chainguard customers were not affected. Full breakdown + IOCs: chainguard.dev/unchained/mini…

🚀 New integration: Chainguard + @EndorLabs Together, we replace the patching treadmill with a verified chain of trust from build to runtime. Check out our new partnership here: chainguard.dev/unchained/buil…

Linky after hearing we set the industry-leading SLA, remediating KEVs in under 24 hrs🕺

node-ipc was compromised today. 3 malicious versions hit npm targeting 500k+ weekly downloads. The payload steals AWS, GCP, Azure, SSH, kubeconfig, GitHub tokens, and AI API keys. Chainguard customers were not affected. Details here: bit.ly/4ww7DS8

Mini Shai-Hulud: attackers exploited pull_request_target workflows in TanStack's GitHub repo to inject malware into 84 versions across 42 packages, all with the same provenance as legitimate releases. Chainguard customers were not impacted: bit.ly/3RE2Eij

Linky's Top 5 Horror Movies 🐙 😱 1. "We'll fix it in the next sprint" 2. The image with 847 CVEs running in prod 3. The dependency that hasn't been maintained since 2019 4. AI agents running wild without Chainguard 5. Scan and patch security

Chainguard Containers now supports 1st Party RPM compatibility for RHEL 9 and RHEL 10, and we're joining FINOS 🎉 Here's what it means for financial services: bit.ly/4nmQA0Z

Let us be your extra hands. You got this. ✋ 🤚 🫱 🫲

Build with trusted open source, you must. May the 4th be with you ✨🛸

your CISO sitting next to your devs letting the AI agents loose without Chainguard

Only ~4% of CVEs (KEVs) are ever exploited in the wild. So at Chainguard, we're committing to the industry's first KEV SLA. Any CVE added to the CISA KEV Catalog affecting a Chainguard image, fixed within one calendar day. bit.ly/4umvd1N

@scholzj Thanks for letting us know! You can submit the issue here, and our team is on it: github.com/chainguard-ima…

Hey @chainguard_dev ... how can I report or fix issues in your container catalog, such as an incorrect alternative image in the security comparison in images.chainguard.dev/directory/imag… and images.chainguard.dev/directory/imag…? Our container images are for 5+ years hosted on Quay.io.

🟩 Chainguard artifacts are safe from the latest npm supply chain attack 🟩 A coordinated npm supply chain attack is targeting SAP ecosystem packages with 2.25M collective monthly downloads. Read more: bit.ly/4n04aH7

Honey, I’m home 🥹 We opened an office in New York City! We've been remote-first since day one and that's not changing. But we've learned over the years that being in the same room matters, so now we have a place to do that. @NYBizJournal shares more: bit.ly/4uD8U8z

The thing that slows down engineering teams most often isn't engineers. @mariamchec, TPM at @OutSystems, has spent her career proving that point. In our third Built Different video, Maria answers rapid-fire questions on leadership, systems, and what she's most proud of. 🎬

Malicious .pth file in elementary-data-0.23.3 landed on PyPI. The Chainguard Factory detected the malicious code and ensured it never reached our customers. ✅ Full analysis: chainguard.dev/unchained/chai…

Couldn't make it to #GoogleCloudNext? We're bringing the fun to you. 🔍 Introducing Malwhere: a word search game where every hidden term is a real threat from the past year. Start searching + share your results: chainguard.dev/malwhere

Our AI-native agent, the Guardener, is an engineer's new BFF 🤗 ✔️ Intelligent context-aware conversion ✔️Builds and tests layer by layer ✔️Deeper context, deeper telemetry via multiple deployment options And now you can see it in action: youtube.com/watch?v=xSQ4w3…

Chainguard customers are safe from the latest wave of supply chain attacks that began last night across npm + PyPI. We did not serve any of the malicious library versions, and our container images are clean. Read our full analysis: bit.ly/4mKNljj

30% of HireVue's cloud engineering team was dedicated to patching. After Chainguard: that team modernized their entire platform, hit FedRAMP in 9 months, and shipped *5* new products in a year. Security overhead is a product velocity problem. chainguard.dev/customers/hire…