Quickstart

Your first block, the first time you run install

Sign up free, copy your client credentials, point your package manager at Chainsaw, and run a single install. The demo policies seeded on every new org will refuse it — that's the activation moment. Edit or delete the demo rules once you've seen them fire.

Step 1 of 4

Sign up

Free tier, no credit card. The signup form takes about 30 seconds: email, org name, password. Email verification is optional in dev.

Step 2 of 4

Copy your client credentials

In your dashboard, go to Access → Client credentials and create a credential pair. You'll get a CLIENT_ID and a CLIENT_SECRET — keep them handy for the next step. The secret is shown once, so copy it now.

Step 3 of 4

Point your package manager at Chainsaw

One config block per ecosystem. No agent, no certificate, no MITM proxy on your network. Pick the package manager you actually use and paste your CLIENT_ID and CLIENT_SECRET from step 2:

npm

Register Chainsaw as your registry:

npm config set registry https://CLIENT_ID:CLIENT_SECRET@chain305.com/chainproxy/repository/@default/npmjs/

Replace CLIENT_ID and CLIENT_SECRET with the values you copied in step 2.

pip / PyPI

Register Chainsaw as your registry:

pip config set global.index-url https://CLIENT_ID:CLIENT_SECRET@chain305.com/chainproxy/repository/@default/pypi/simple
pip config set global.trusted-host chain305.com

Two lines — pip needs trusted-host once credentials are embedded in the URL.

Docker

Register Chainsaw as your registry:

docker login chain305.com

Username: your CLIENT_ID. Password: your CLIENT_SECRET.

Step 4 of 4

Run the demo install

Pick your ecosystem and run the install. The demo packages here are drawn from the OpenSSF malicious-packages feed — long-tail entries flagged for typosquatting or known malware. Chainsaw refuses each one against the seeded demo policies.

npm

npm install lodahs

lodahs is a known typosquat of lodash, flagged in the OpenSSF malicious-packages feed. Chainsaw refuses the install before the package is downloaded.

pip / PyPI

pip install reqeusts

reqeusts is a known typosquat of requests. Chainsaw blocks the install at metadata-fetch time.

Docker

docker pull chain305.com/repository/@default/docker/library/known-malicious-image:latest

Chainsaw checks every image pull against the OpenSSF malware feed and blocks known-bad layers before they hit your registry cache.

What you'll see in the terminal

Chainsaw firewall: BLOCKED by policy "Demo: Block suspected typosquats"
Reason: package name resembles "lodash" with edit distance 1
Detected: typosquat · in OpenSSF malicious-packages index
Install blocked. Edit or delete this rule from your dashboard.