{"id":38746734,"url":"https://github.com/cloudlinux/securechain-java","last_synced_at":"2026-01-17T11:46:41.107Z","repository":{"id":192668618,"uuid":"684496663","full_name":"cloudlinux/securechain-java","owner":"cloudlinux","description":"TuxCare SecureChain enhances Java supply chain security through vetted libraries, vulnerability fixes, and extended support. Ideal for enterprise-level compliance and secure development.","archived":false,"fork":false,"pushed_at":"2024-10-23T09:40:25.000Z","size":573,"stargazers_count":18,"open_issues_count":0,"forks_count":2,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-08-04T20:31:34.311Z","etag":null,"topics":["compliance-management","dependency-management","enterprise-security","enterprise-security-compliance","java-dependency-management","java-libraries-vetting","java-security","java-supply-chain-security","open-source-security","oss-vulnerability-remediation","sbom","software-bill-of-materials","supply-chain-security","vulnerability-assessment"],"latest_commit_sha":null,"homepage":"https://tuxcare.com/securechain-for-java/","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cloudlinux.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2023-08-29T08:50:17.000Z","updated_at":"2025-06-02T06:01:24.000Z","dependencies_parsed_at":"2023-10-31T12:24:23.148Z","dependency_job_id":null,"html_url":"https://github.com/cloudlinux/securechain-java","commit_stats":null,"previous_names":["cloudlinux/securechain-java"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/cloudlinux/securechain-java","repository_url":"https://repos.
ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudlinux%2Fsecurechain-java","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudlinux%2Fsecurechain-java/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudlinux%2Fsecurechain-java/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudlinux%2Fsecurechain-java/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cloudlinux","download_url":"https://codeload.github.com/cloudlinux/securechain-java/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudlinux%2Fsecurechain-java/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28508422,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-17T10:25:30.148Z","status":"ssl_error","status_checked_at":"2026-01-17T10:25:29.718Z","response_time":85,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while 
reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["compliance-management","dependency-management","enterprise-security","enterprise-security-compliance","java-dependency-management","java-libraries-vetting","java-security","java-supply-chain-security","open-source-security","oss-vulnerability-remediation","sbom","software-bill-of-materials","supply-chain-security","vulnerability-assessment"],"created_at":"2026-01-17T11:46:40.493Z","updated_at":"2026-01-17T11:46:41.099Z","avatar_url":"https://github.com/cloudlinux.png","language":null,"readme":"![Java](https://img.shields.io/badge/java-%23ED8B00.svg?\u0026logo=openjdk\u0026logoColor=white\u0026style=flat-square)\n![Apache Maven Badge](https://img.shields.io/badge/Apache%20Maven-C71A36?logo=apachemaven\u0026logoColor=fff\u0026style=flat-square)\n![Gradle Badge](https://img.shields.io/badge/Gradle-02303A?logo=gradle\u0026logoColor=fff\u0026style=flat-square)\n![Spring Badge](https://img.shields.io/badge/Spring-6DB33F?logo=spring\u0026logoColor=fff\u0026style=flat-square)\n![Spring Boot Badge](https://img.shields.io/badge/Spring%20Boot-6DB33F?logo=springboot\u0026logoColor=fff\u0026style=flat-square)\n\n# TuxCare SecureChain for Java\n\n## Introduction\n\nTuxCare SecureChain for Java focuses on Open Source Supply Chain Security. Our mission is to mitigate the risks from known exploits and supply chain attacks targeting OSS components. 
By offering a trusted repository of vetted and continuously patched open-source Java libraries and packages, we provide a solution for effective defense against these pervasive threats.\n\nYou may also check our press release [here](https://tuxcare.com/blog/tuxcare-launches-securechain-for-java-to-bolster-software-supply-chain-security-via-continuously-secured-and-free-repository-service/?utm_source=github\u0026utm_medium=link\u0026utm_term=pr).\n\n## Our Objectives\n\n-   **Improve Security**: We possess both the capabilities and expertise to counter the ever-evolving threats to the software supply chain.\n-   **Address Compliance**: Propel your business forward by effortlessly meeting the demanding software supply chain security regulatory mandates.\n\n## Features\n\n-   **Security Verification**: Vendor-independent verification of Java libraries and dependencies.\n-   **Vulnerability Remediation**: Libraries with vulnerabilities removed and tested afterward.\n-   **Precise Patching**: We only modify code precisely where needed to fix vulnerabilities, ensuring minimal impact on your application.\n-   **Compatibility Validation**: Post-patching, we test all application methods to ensure full compatibility and functionality.\n-   **Endless Support**: As many years of support as you need, with options for flexibility and extension.\n-   **Secure Packaging**: JAR files authenticated with digital signatures.\n-   **Complete Transparency**: Detailed Software Bill of Materials (SBOM) for each library.\n-   **Enterprise Focus**: Tailored for large enterprise companies in various sectors.\n\n**Learn more about our processes:**\n\n[SecureChain Java Library Verification Workflow](details/verification_workflow.md)\n\n[SecureChain Java Library Vulnerability Remediation Workflow](details/vulnerability_remediation_workflow.md)\n\n## **Defense Levels and Access Plans**\n\nDepending on your needs, we offer:\n\n-   Access to the trusted OSS library for your Java application (Free 
tier, go to the [Getting Started](#getting-started) section).\n-   Libraries with vulnerabilities removed, tested and fixed by us ([Request access](https://tuxcare.com/lp/securechain-for-java-form/?utm_source=github\u0026utm_medium=link\u0026utm_term=invuln)).\n-   Endless Lifecycle Support (ELS) versions that span for as long as you need them ([Request access](https://tuxcare.com/lp/securechain-for-java-form/?utm_source=github\u0026utm_medium=link\u0026utm_term=els)).\n\n## Getting Started\n\nTo start using TuxCare SecureChain for Java, follow these steps:\n\n1.  Access our [repository of verified libraries](http://nexus-repo.corp.cloudlinux.com/#browse/browse:tuxcare_vetted) or [request access](https://tuxcare.com/lp/securechain-for-java-form/?utm_source=github\u0026utm_medium=link\u0026utm_term=common) to the next levels of defense.\n\n2.  Set up your build tool to use our secure repository (follow the [Integration Guide](details/integration_guide.md)).\n\n3.  Start building secure Java applications!\n\nThat's it! With just a quick setup of your build tool, you're all set to use the TuxCare Vetted Repository.\n\n## SBOM Overview\n\nOur Software Bill of Materials (SBOM) provides complete transparency and visibility into the components of each library. With SBOM, you have detailed information about all dependencies, ensuring secure and compliant use of open-source software. [Learn more about SBOM](https://www.cisa.gov/sbom).\n\n## Support\n\nFacing issues? 
Reach out to our support team at [support@tuxcare.com](mailto:support@example.com).\n\n## License\n\nFor licensing details, please refer to the license accompanying the SBOM (Software Bill of Materials) file provided for each project.\n\n* * *\n\nPowered by TuxCare.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcloudlinux%2Fsecurechain-java","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcloudlinux%2Fsecurechain-java","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcloudlinux%2Fsecurechain-java/lists"}