Getting Started with Chainguard Libraries

Learn how to securely consume open source dependencies using Chainguard Libraries across JavaScript, Java, and Python.

Open source dependencies power modern applications, but consuming pre-built artifacts from public repositories introduces real software supply chain risk.

In this learning path, you’ll learn how Chainguard Libraries rebuilds open source dependencies from verified upstream source code inside a hardened, SLSA-certified software factory. You’ll understand how Libraries works, how to integrate it into your build systems, how to verify dependency provenance, and how CVE mitigation works for language ecosystems.

After completing the foundational course, you’ll move into ecosystem-specific demonstrations for JavaScript, Java, and Python. Each demo shows a real application build using upstream dependencies, then switches to Chainguard Libraries so you can see exactly what changes, and what doesn’t.

By the end of this path, you’ll be able to:

  • Explain how Chainguard Libraries reduces software supply chain risk
  • Implement the recommended artifact manager architecture
  • Configure direct repository access when needed
  • Verify dependency provenance using chainctl
  • Understand coverage reporting and troubleshooting patterns
  • Evaluate CVE backporting behavior and scanner implications

This path is ideal for teams evaluating Chainguard Libraries or preparing for implementation.