Go to Chainguard.dev
Send feedback Contact
Chainguard Libraries

Chainguard Libraries Verification

Verifying binaries or projects for Chainguard Libraries
Chainguard Libraries

Overview

At any point in time of your use of Chainguard Libraries you can verify binary artifacts, project setups, or even entire directories and repositories for the use of binaries supplied by Chainguard Libraries. This allows you to check adoption of Chainguard Libraries, find opportunities for further replacements or gaps in Chainguard Libraries, and identify artifacts originating from other, less trusted sources.

Chainguard provides the command line tool chainver to enable this verification with the following features:

  • Use a signature-based binary identification and a checksum fallback.
  • Support different binary formats, including JAR, WAR, EAR, ZIP, TAR, WHL, and APK files as well as container images.
  • Allow analysis of directories and nested archive files.
  • Create output in text, json, yaml, and csv format.

Requirements

The following requirements must be met:

  • Linux, MacOS, or Windows operating system.
  • x86_64 or arm64 processor architecture.
  • chainctl installed and available on the PATH.
  • cosign installed and available on the PATH.
  • Sufficient network access available.

Access

chainver is available to customers upon request. The archive includes binaries for different operating systems and processor architectures.

Documentation

Detailed installation and user instructions are included with the provided distribution and with the chainver help command.

Last updated: 2025-07-03 12:00

Chainguard Libraries Network Requirements Prev   Chainguard Libraries FAQ   Next