Chainguard is expanding Repository with new policy controls, malware and greyware scanning, and support for Java, Python, and container artifacts—helping organizations govern software consumption across developers, AI agents, and build pipelines without sacrificing developer velocity.
According to the company, it is expanding the coverage of its source code and maintainer behavior scanner from upstream JavaScript packages only to also include upstream Python packages, Java packages, and container images. The proprietary malware scanner sits at the repository level, so teams can access only artifacts that have already been checked for malicious behavior; the company says this means the organization is never exposed to a window of risk.
Unlike other firewalls, the scanner also monitors for greyware, a term the company has coined for packages that do exactly what they advertise, except that what they do is malicious in nature, such as harvesting credentials or storing LLM prompts on a third-party server.
For Chainguard Containers, the company is adding three policies that govern how teams build applications. You can now:
- Block images that reach end of life: This ensures your team never ships an image that no longer receives updates.
- Restrict images to those that have long-term support: This narrows your image catalog to versions that carry an extended maintenance commitment.
- Set cooldowns: This gives your team a buffer between when a new version is published and when it’s eligible to be pulled, preventing your team from being caught off guard by upstream changes.
For Chainguard Libraries, the company is adding custom blocking, which prevents developers from pulling any specific project or version if it doesn’t meet the organization’s standards for a predetermined reason.
Across Chainguard Containers and Chainguard Libraries, overrides are also available. This allows users to manually override any active policy to gain access to the desired artifact.
Chainguard Repository now allows users to preview how a policy would impact current consumption of open source before it is enforced.
Chainguard Repository now offers greater visibility into which artifacts were blocked, which policies triggered the block, and on what day it happened. This data allows you to identify patterns in artifact usage, such as reliance on outdated or unsupported versions, the company said.
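To make the policy model described above concrete, here is an added example (not Chainguard's own code, and not the product's actual configuration format, which the article does not show) of a small evaluator that applies the end-of-life, long-term-support, cooldown and custom-block policies, honours a manual override, records which policy triggered a block and on what date, and supports the preview mode from the previous paragraph. The `Artifact`, `Policy` and `Decision` classes are hypothetical stand-ins for the repository's metadata.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta


@dataclass
class Artifact:  # hypothetical artifact metadata as a repository proxy would see it
    name: str
    version: str
    published: date
    eol: bool = False
    lts: bool = False


@dataclass
class Policy:  # hypothetical organization-wide policy set
    block_eol: bool = True        # block images that have reached end of life
    lts_only: bool = False        # restrict the catalog to long-term-support versions
    cooldown_days: int = 0        # buffer between publication and eligibility to pull
    blocked: set = field(default_factory=set)  # custom blocks: "name" or "name@version"


@dataclass
class Decision:
    allowed: bool
    policy: str       # which policy triggered the block (or "none")
    checked_on: date  # the day the decision was made, for the audit trail


def evaluate(artifact: Artifact, policy: Policy, today: date, override: bool = False) -> Decision:
    """Apply the policies in order; the first one that matches names the block reason."""
    triggered = None
    if policy.block_eol and artifact.eol:
        triggered = "end-of-life"
    elif policy.lts_only and not artifact.lts:
        triggered = "lts-only"
    elif policy.cooldown_days and today - artifact.published < timedelta(days=policy.cooldown_days):
        triggered = "cooldown"
    elif artifact.name in policy.blocked or f"{artifact.name}@{artifact.version}" in policy.blocked:
        triggered = "custom-block"
    if triggered is None:
        return Decision(True, "none", today)
    if override:  # a user may manually bypass an active policy to reach the artifact
        return Decision(True, f"{triggered} (overridden)", today)
    return Decision(False, triggered, today)


def preview(artifacts: list, policy: Policy, today: date) -> list:
    """Dry run: list the (name, version, policy) of current pulls the policy would block."""
    blocked = []
    for artifact in artifacts:
        decision = evaluate(artifact, policy, today)
        if not decision.allowed:
            blocked.append((artifact.name, artifact.version, decision.policy))
    return blocked
```

The `preview` output is the same data the article says the product surfaces: which artifacts were blocked and which policy triggered each block.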
With Chainguard Repository, users can set policies once and enforce them automatically across all machines and pipelines. This shifts responsibility from individual developers to the enterprise’s security and platform teams, ensuring standards are applied consistently and at scale.
Moving forward, the company plans to expand the types of policies and artifacts available in Chainguard Repository to continue providing the granular controls needed to govern the supply chain.
For more information about this news, visit www.chainguard.dev.