Product / Integrations

Smarter security with Chainguard Libraries and Cloudsmith.

Learn more about how Cloudsmith & Chainguard Libraries help prevent supply chain attacks

Made to eliminate supply chain attacks at package build and distribution. Chainguard Libraries is a curated set of high-assurance, open-source packages built entirely from source in a hardened environment. Each package has SLSA Level 2 provenance and is minimal, verifiable, and production-ready. There’s no repackaging and no guesswork. You get secure, reproducible builds with full traceability. These libraries are continuously updated so your dependencies stay current and tamper-resistant.

Pioneering Integration

Leading the way with Chainguard Libraries

Cloudsmith doesn’t wait when we see an opportunity. Recognizing the strategic importance of secure-by-design development, we integrated Chainguard Libraries directly into our platform. These libraries provide a tamper-resistant foundation that ensures end-to-end software integrity from build to production.

Enhance protection across your stack
A single standardized source to secure your dependencies
Continuously built, continuously secured

Secure your development stack with trusted Chainguard Libraries

Chainguard Libraries is a catalog of carefully curated, continuously maintained open source packages designed to deliver high-assurance, minimal packages with strong provenance. Built entirely from source within Chainguard’s hardened, SLSA Level 2-certified infrastructure, it eliminates common risks tied to tampered build systems and untrusted distribution. Managed through Cloudsmith, these libraries become a reliable, globally available source of secure components. Always up-to-date, verifiable, and ready for production use.

Built for velocity without compromise

Chainguard Libraries is designed to help engineering teams move fast and stay secure by replacing manual curation and removing the bottlenecks of traditional policy-driven approvals. With Cloudsmith’s global platform handling the distribution of your Chainguard Libraries, teams can build, test, and deploy faster while maintaining trust. Automatic updates and streamlined access mean your developers stay productive, while Cloudsmith ensures libraries are delivered safely, quickly, and consistently, anywhere in the world.

Pre-verified packages, ready for secure distribution

Chainguard Libraries is already curated, verified, and continuously updated to meet strict security standards. When they reach Cloudsmith, there’s less to check and more time to build. Cloudsmith adds an extra layer of governance, letting you define who can access, approve, or promote libraries, monitor usage patterns, and get high visibility into your components. Together, Chainguard and Cloudsmith simplify policy enforcement and support secure-by-default development.

Resources

Find out more about Chainguard Libraries

Chainguard Libraries Homepage

Chainguard Libraries Overview

Integrations

Discover more Cloudsmith Integrations

See all integrations