Chainguard Libraries for Java
Learnning Lab in May 2025 with Manfred Moser
The May 2025 Learning Lab with Manfred Moser covers Chainguard Libraries for Java. It starts with an overview about libraries and the Java ecosystem and progresses to a demo with Apache Maven and Sonatype Nexus.
Sections
- 0:00 Introduction and agenda
- 2:38 Chainguard and containers
- 3:47 Chainguard Factory
- 4:57 Concepts - from containers to libraries
- 9:00 Java and Java libraries
- 12:45 Software supply chain of libraries and attacks
- 19:27 Dependency supply in Java
- 20:30 Repository concept and Maven Central
- 24:32 Chainguard Libraries for Java and repository manager intro
- 28:17 Developer tools
- 29:21 Demo start and setup with chainctl
- 32:55 Sonatype Nexus configuration
- 37:30 Maven configuration
- 40:41 Example project setup, build, and results
- 44:57 Dependency list and tree
- 47:00 Results and verification
- 49:37 Summary
- 50:43 Up next
- 52:55 Questions
Demo
Following are some of the commands used in the demo. More information can be found in the slide deck, the linked resources, and the video.
Creating a pull token:
chainctl auth login
chainctl libraries entitlements list
chainctl auth pull-token --library-ecosystem=java --ttl=1h
Cleaning up the local Maven repository cache:
rm -rf ~/.m2/repository
Building Trino Gateway from source and looking at dependencies:
cd trino-gateway
./mvnw clean install -DskipTests=true
./mvnw dependency:list
./mvnw dependency:tree
Reesource Links
- Chainguard Libraries
- Chainguard Libraries documentation
- Chainguard Libraries for Java documentation
- Slide deck
- Apache Maven
- Sonatype Nexus Repository
- Apache Maven dependency plugin
Last updated: 2025-06-18 21:00