https://github.com/cloudlinux/securechain-java
TuxCare SecureChain enhances Java supply chain security through vetted libraries, vulnerability fixes, and extended support. Ideal for enterprise-level compliance and secure development.
- Host: GitHub
- URL: https://github.com/cloudlinux/securechain-java
- Owner: cloudlinux
- Created: 2023-08-29T08:50:17.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2024-10-23T09:40:25.000Z (over 1 year ago)
- Last Synced: 2025-08-04T20:31:34.311Z (6 months ago)
- Topics: compliance-management, dependency-management, enterprise-security, enterprise-security-compliance, java-dependency-management, java-libraries-vetting, java-security, java-supply-chain-security, open-source-security, oss-vulnerability-remediation, sbom, software-bill-of-materials, supply-chain-security, vulnerability-assessment
- Homepage: https://tuxcare.com/securechain-for-java/
- Size: 560 KB
- Stars: 18
- Watchers: 4
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: README.md
README

# TuxCare SecureChain for Java
## Introduction
TuxCare SecureChain for Java focuses on Open Source Supply Chain Security. Our mission is to mitigate the risks from known exploits and supply chain attacks targeting OSS components. By offering a trusted repository of vetted and continuously patched open-source Java libraries and packages, we provide a solution for effective defense against these pervasive threats.
You may also check our press release [here](https://tuxcare.com/blog/tuxcare-launches-securechain-for-java-to-bolster-software-supply-chain-security-via-continuously-secured-and-free-repository-service/?utm_source=github&utm_medium=link&utm_term=pr).
## Our Objectives
- **Improve Security**: We possess both the capabilities and expertise to counter the ever-evolving threats to the software supply chain.
- **Address Compliance**: Propel your business forward by effortlessly meeting the demanding software supply chain security regulatory mandates.
## Features
- **Security Verification**: Vendor-independent verification of Java libraries and dependencies.
- **Vulnerability Remediation**: Libraries with vulnerabilities removed and tested afterwards.
- **Precise Patching**: We only modify code precisely where needed to fix vulnerabilities, ensuring minimal impact on your application.
- **Compatibility Validation**: Post-patching, we test all application methods to ensure full compatibility and functionality.
- **Endless Support**: As many years of support as you need, with options for flexibility and extension.
- **Secure Packaging**: JAR files authenticated with digital signatures.
- **Complete Transparency**: Detailed Software Bill of Materials (SBOM) for each library.
- **Enterprise Focus**: Tailored for large enterprise companies in various sectors.
**Learn more about our processes:**
- [SecureChain Java Library Verification Workflow](details/verification_workflow.md)
- [SecureChain Java Library Vulnerability Remediation Workflow](details/vulnerability_remediation_workflow.md)
## Defense Levels and Access Plans
Depending on your needs, we offer:
- Access to the trusted OSS library for your Java application (Free tier; go to the [Getting Started](#getting-started) section).
- Libraries with removed vulnerabilities, tested and fixed by us ([Request access](https://tuxcare.com/lp/securechain-for-java-form/?utm_source=github&utm_medium=link&utm_term=invuln)).
- Endless Lifecycle Support (ELS) versions that span as long as you need them ([Request access](https://tuxcare.com/lp/securechain-for-java-form/?utm_source=github&utm_medium=link&utm_term=els)).
## Getting Started
To start using TuxCare SecureChain for Java, follow these steps:
1. Access our [repository of verified libraries](http://nexus-repo.corp.cloudlinux.com/#browse/browse:tuxcare_vetted) or [request access](https://tuxcare.com/lp/securechain-for-java-form/?utm_source=github&utm_medium=link&utm_term=common) to the next levels of defense.
2. Set up your build tool to use our secure repo (follow the [Integration Guide](details/integration_guide.md)).
3. Start building secure Java applications!
That's it! With just a quick setup of your build tool, you're all set to use the TuxCare Vetted Repository.
## SBOM Overview
Our Software Bill of Materials (SBOM) provides complete transparency and visibility into the components of each library. With SBOM, you have detailed information about all dependencies, ensuring a secure and compliant use of open-source software. [Learn more about SBOM](https://www.cisa.gov/sbom).
## Support
Facing issues? Reach out to our support team at [support@tuxcare.com](mailto:support@tuxcare.com).
## License
For licensing details, please refer to the license accompanying the SBOM (Software Bill of Materials) file provided for each project.
* * *
Powered by TuxCare.