Does Chainsaw support every package manager we use? +
Sixteen ecosystems are in the proxy today: npm (covers pnpm, yarn, bun), pip / PyPI (covers poetry, uv), Maven, Gradle, Cargo, Go modules, Composer, NuGet, RubyGems, Swift, CocoaPods, Docker, Hugging Face, APT, Yum, and DNF. Each one runs transparently. No wrapper scripts, no lockfile changes.
How does policy enforcement work at proxy time? +
Chainsaw intercepts the resolve request before it reaches the upstream registry, evaluates your active rules against the package, and either passes, warns, or blocks the response inside the normal install flow. No post-install CI scanner, no lockfile rewriting.
Which supply-chain attacks does Chainsaw catch that SCA tools miss? +
Install-script exfiltration (PhantomRaven-shaped), maintainer-account takeover (Axios-shaped), version-number anomalies and backdated publishes, hidden Unicode (GlassWorm, Trojan Source), publish-velocity bursts (Shai-Hulud), reserved-namespace dependency confusion (Birsan), Docker malware feed matching, bundled Hugging Face malware feed, per-layer image enforcement, APT/Yum/DNF hash-chain provenance, Linux distro CVE detection (Alpine, Debian, Red Hat, Oracle Linux), typosquat across fifteen ecosystems, repo-liveness plus ownership match, and checksum fail-closed. See the policy page for how each one composes in a rule.
Does this work with monorepos, Yarn workspaces, and pnpm? +
Yes. Chainsaw proxies the registry; your workspace layout is untouched. Turbo, Nx, Lerna, Yarn workspaces, and pnpm workspaces all work without modification.
How much latency does the proxy add per install? +
On a cache hit, the proxy responds from local blob storage and usually beats the public registry. On a cold fetch, the added overhead is the policy evaluation itself — low single-digit milliseconds for most rules, with GeoIP lookups and vulnerability joins being the slowest.
What happens if Chainsaw itself goes down? +
In monitor mode, Chainsaw fails open with an audit record so installs never break. In enforce mode, the default is fail-closed, but you can flip to fail-open with cache-only fallback per policy. The cache continues to serve previously-allowed installs during a full outage.
Can I start in monitor mode before switching to block? +
Yes. Every rule supports monitor — it logs what would have been blocked without stopping the install. Most teams run monitor for one to two weeks, tune exceptions, then flip rule by rule. The transition is a single policy edit; no redeploy.
What does the MCP server expose to AI agents? +
Read-only queries against policy state, packages, and the audit log by default. With the manage-propose preset, agents can draft policy edits that route through the same approval flow a human uses. No mutation escapes RBAC.
How is the SBOM generated? +
Chainsaw assembles the bill of materials from the packages it has seen transit the proxy for each repository. Export via dashboard or API; the output is CycloneDX 1.6 JSON ready for procurement or audit.
Which SSO providers are supported? +
Any SAML 2.0 or OIDC-compliant identity provider. Okta, Azure AD, Google Workspace, Auth0, Keycloak all work without custom code. SCIM 2.0 provisioning ships with it on Pro and Enterprise.