chainguard-dev · s-stumbo · Feb 6, 2026 · Feb 6, 2026 · Feb 13, 2026 · mosabua
@@ -14,12 +14,12 @@ weight: 003
 toc: true
 ---
 
-Chainguard Libraries require specific network access to ensure secure delivery of hardened Java and Python dependencies to your development environment. This guide details the domains and ports needed for authentication, package downloads, and verification tools.
+[Chainguard Libraries](/chainguard/libraries/overview/) require specific network access to ensure secure delivery of hardened dependencies to your development environment. This guide details the domains and ports needed for authentication, package downloads, and verification tools.
 
-### Access for chainctl and other tools
+## Access for chainctl and other tools
 
 For initial configuration with chainctl as well as for verification of
-downloaded libraries with cosign and other tools, you must have HTTPS access to
+downloaded libraries with cosign and other tools, you must allow HTTPS access to
 the following domains:
 
 * `dl.enforce.dev` for download and update of chainctl
@@ -29,17 +29,14 @@ the following domains:
 * `console.chainguard.dev` for the web console to administrate and use your
   Chainguard accounts.
 
-### Access for development tools
+## Access for development tools
 
-Chainguard Libraries use is transparent for development efforts and typically
-requires no additional network access for workstations and other infrastructure
-running builds because the libraries are provided by the repository manager as
-configured for [Java](/chainguard/libraries/java/global-configuration/) or
-[Python](/chainguard/libraries/python/global-configuration/).
+Whether using a repository manager or accessing libraries directly, you must allow HTTPS access to:
 
-The repository manager application must have HTTPS access to the domain
-`libraries.cgr.dev` for library access and `issuer.enforce.dev` for
-authentication.
+* `libraries.cgr.dev` for library access
+* `issuer.enforce.dev` for authentication
+
+When using a repository manager, allowlist these domains in your repository manager. Your workstations and build infrastructure typically require no additional network access, as libraries are served through your repository manager.
+
+If accessing Chainguard Libraries directly for testing with curl or builds, allowlist these domains on your workstation.
 
-If you are accessing Chainguard Libraries directly for testing with curl or with
-a build tool, the used workstation must have identical access.