Exclusive: Chainguard extends Repository scanning and policies to Java, Python and containers

Secure software supply chain solution provider Chainguard Inc. today expanded its Chainguard Repository product with malware scanning, policy enforcement and visibility features that now cover Java packages, Python packages and container images.

The update extends protections that previously applied only to JavaScript packages. Chainguard pitches the move as a way for security and platform teams to set guardrails once for an entire organization, so any artifact a developer or an artificial intelligence agent pulls already meets the company’s security and compliance bar.

The expansion targets a problem the company says has accelerated alongside AI coding tools. Faster development has been matched by a steady run of supply chain attacks, including npm package compromises and credential-stealing worms reported in recent months. Teams typically stack scanners, artifact managers and policy engines to manage the risk, but Chainguard argues those tools act too late in the pipeline or demand constant upkeep.

Chainguard’s proprietary scanner now analyzes upstream Python packages, Java packages and container images for malicious behavior in addition to JavaScript. The scanner sits at the repository level and removes the exposure window that occurs when checks run after an artifact has already been pulled.