Security & supply chain

Chainguard's drop-in Java libraries trade a framework upgrade for an SLA
Chainguard is shipping drop-in remediated Java libraries for legacy shops carrying unpatched CVE backlogs, positioned as a package swap inside the build in place of a framework upgrade. The trade-off is who owns the patching SLA from then on.