Skip to content

TuxCare SecureChain enhances Java supply chain security through vetted libraries, vulnerability fixes, and extended support. Ideal for enterprise-level compliance and secure development.

Notifications You must be signed in to change notification settings

cloudlinux/securechain-java

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

78 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Java Apache Maven Badge Gradle Badge Spring Badge Spring Boot Badge

TuxCare SecureChain for Java

Introduction

TuxCare SecureChain for Java focuses on Open Source Supply Chain Security. Our mission is to mitigate the risks from known exploits and supply chain attacks targeting OSS components. By offering a trusted repository of vetted and continuously patched open-source Java libraries and packages we provide a solution for effective defense against these pervasive threats.

You may also check our press release here.

Our Objectives

  • Improve Security: We possess both the capabilities and expertise to counter the ever-evolving threats to the software supply chain.
  • Address Compliance: Propel your business forward by effortlessly meeting the demanding software supply chain security regulatory mandates.

Features

  • Security Verification: Vendor-independent verification of Java libraries and dependencies.
  • Vulnerability Remediation: Libraries with removed vulnerabilities and tested thereafter.
  • Precise Patching: We only modify code precisely where needed to fix vulnerabilities, ensuring minimal impact on your application.
  • Compatibility Validation: Post-patching, we test all application methods to ensure full compatibility and functionality.
  • Endless Support: As many years as you need of support with options for flexibility and extension.
  • Secure Packaging: JAR Files Authenticated with Digital Signatures.
  • Complete Transparency: Detailed Software Bill of Materials (SBOM) for Each Library.
  • Enterprise Focus: Tailored for large enterprise companies in various sectors.

Learn more about our processes:

SecureChain Java Library Verification Workflow

SecureChain Java Library Vulnerability Remediation Workflow

Defense Levels and Access Plans

Depending on your needs, we offer:

  • Access to the trusted OSS library for your Java application (Free tier, go to Getting Started section).
  • Libraries with removed vulnerabilities, tested and fixed by us (Request access).
  • Endless Lifecycle Support (ELS) versions that span for as long as you need it (Request access).

Getting Started

To start using TuxCare SecureChain for Java, follow these steps:

  1. Access our repository of verified libraries or request access to the next levels of defense.

  2. Easily set up your building tool to use our secure repo (follow Integration Guide).

  3. Start building secure Java applications!

That's it! With just a quick set up of your building tool, you're all set to use the TuxCare Vetted Repository.

SBOM Overview

Our Software Bill of Materials (SBOM) provides complete transparency and visibility into the components of each library. With SBOM, you have detailed information about all dependencies, ensuring a secure and compliant use of open-source software. Learn more about SBOM.

Support

Facing issues? Reach out to our support team at support@tuxcare.com.

License

For licensing details, please refer to the license accompanying the SBOM (Software Bill of Materials) file provided for each project.


Powered by TuxCare.