-
Welcome to Chainguard Libraries
-
What are Chainguard Libraries, really?
-
Library coverage and supported ecosystems
-
Platform support and native dependency limitations
-
Chainguard Repository
-
Using an artifact manager
-
Direct repository configuration (without an artifact manager)
-
Building applications with Chainguard Libraries
-
Verifying dependency sources and measuring coverage
-
Using chainctl to verify build artifacts
-
Troubleshooting low coverage results
-
CVE mitigation in Chainguard Libraries
-
CVE backporting in practice: A Flask example
-
Additional resources
-
Course wrap-up and what’s next
Building with Chainguard Libraries
Learn how to consume open source libraries with built-in supply chain security using Chainguard Libraries.
This course introduces Chainguard Libraries and shows how to securely build applications using trusted, reproducible open source dependencies. We explore supported ecosystems, recommended architectures, CVE mitigation strategies, and how to verify dependency coverage using chainctl.
At the end of the course, you will be able to:
- Explain the software supply chain risks of consuming libraries from public repositories
- Describe how Chainguard Libraries are built, signed, and distributed
- Identify which ecosystems and libraries Chainguard supports (and current limitations)
- Choose between artifact manager–based and direct access architectures
- Configure builds to consume Chainguard Libraries correctly
- Verify dependency sourcing and coverage using
chainctl - Understand how CVE backporting works for Python libraries and when to use it