chainguard-dev · s-stumbo · Apr 20, 2026 · Apr 14, 2026 · Apr 14, 2026 · Apr 20, 2026
@@ -444,27 +444,24 @@ You can create, list, and remove entitlements using [`chainctl libraries entitle
 As administrator you can use [`chainctl libraries entitlements create`](/chainguard/chainctl/chainctl-docs/chainctl_libraries_entitlements_create/) for one or more ecosystems:
 
 ```shell
-chainctl libraries entitlements create --ecosystems=JAVASCRIPT,JAVA,PYTHON --parent=example
+chainctl libraries entitlements create --ecosystems=JAVASCRIPT,JAVA,PYTHON
 ```
 
-Use the `--parent` option to specify the organization, or omit it to select the organization
-when running the command.
-
 To enable upstream fallback for JavaScript, use the `--policy` flag:
 
 ```bash
-chainctl libraries entitlements create --ecosystems=JAVASCRIPT --policy=CHAINGUARD_AND_UPSTREAM --parent=example
+chainctl libraries entitlements create --ecosystems=JAVASCRIPT --policy=CHAINGUARD_AND_UPSTREAM
 ```
 
 To update the policy on an existing entitlement, rerun the `create` command with the new `--policy` value.
 
 
 ### List entitlements
 
-You can verify entitlements for your organization `example` to verify which ecosystems are enabled and what policies are configured:
+You can verify entitlements for your organization `example.com` to verify which ecosystems are enabled and what policies are configured:
 
 ```shell
-chainctl libraries entitlements list --parent=example
+chainctl libraries entitlements list
 ```
 
 The output includes the ecosystem and configured policy in the table:

@@ -55,7 +55,7 @@ information.
 ### Considerations for fallback approach
 
 Before configuring your repo manager, consider how you want to handle packages that aren't
-yet available in the Chainguard registry. If you configure a fallback to Maven Central, packages sourced from that registry are not covered by Chainguard's
+yet available in the Chainguard libraries repository. If you configure a fallback to Maven Central, packages sourced from that registry are not covered by Chainguard's
-yet available in the Chainguard libraries repository. If you configure a fallback to Maven Central, packages sourced from that registry are not covered by Chainguard's
+yet available in the Chainguard Libraries repository. If you configure a fallback to Maven Central, packages sourced from that registry are not covered by Chainguard's
-yet available in the Chainguard libraries repository. If you configure a fallback to Maven Central, packages sourced from that registry are not covered by Chainguard's
+yet available in the Chainguard Libraries repository. If you configure a fallback to Maven Central, packages sourced from that registry are not covered by Chainguard's
 malware-resistance guarantees. See the [fallback approaches](/chainguard/libraries/quickstart/#artifact-manager-recommended) described in the Chainguard Libraries quick start for guidance on choosing the right approach for your environment.
 
 <a name="cloudsmith"></a>

@@ -168,7 +168,7 @@ The following command creates or updates an entitlement to Chainguard Libraries
 for JavaScript and adds the npm upstream fallback policy:
 
 ```bash
-chainctl libraries entitlements create --parent=example.com --ecosystems=JAVASCRIPT --policy=CHAINGUARD_AND_UPSTREAM
+chainctl libraries entitlements create --ecosystems=JAVASCRIPT --policy=CHAINGUARD_AND_UPSTREAM
 ```
 
 ### Fallback options

@@ -53,7 +53,7 @@ information.
 ### Considerations for fallback approach
 
 Before configuring your repo manager, consider how you want to handle packages that aren't
-yet available in the Chainguard registry. If you configure a fallback to PyPI, packages sourced from that registry are not covered by Chainguard's
+yet available in the Chainguard libraries repository. If you configure a fallback to PyPI, packages sourced from that registry are not covered by Chainguard's
 malware-resistance guarantees. See the [fallback approaches](/chainguard/libraries/quickstart/#artifact-manager-recommended) described in the Chainguard Libraries quick start for guidance on choosing the right approach for your environment.
 
 <a id="cloudsmith"></a>

@@ -21,7 +21,7 @@ this pattern.
 
 Chainguard Libraries are rebuilt from verified source in an isolated build
 environment, making them malware-resistant by design. If the source can't be
-verified, the package doesn't appear in the Chainguard Repository. They are
+verified, the package doesn't appear in the Chainguard libraries repository. They are
 drop-in replacements for the Python, Java, and JavaScript packages your
 engineers already use, with no breaking changes.
 
@@ -60,17 +60,17 @@ There are two ways to access Chainguard Libraries: using an [artifact manager](#
 
 Configure credentials once in a tool like JFrog Artifactory, Sonatype Nexus, or Cloudsmith. This centralizes policy, logging, and fallback behavior, and is the safest approach for organizations with multiple teams and applications.
 
-Note that built-in [configurable upstream fallback](/libraries/javascript/overview/#upstream-fallback-policy-and-controls) is available for Chainguard Libraries for JavaScript via the Chainguard Repository, but not yet available for Chainguard Libraries for Python or Java. Before configuring your repository manager, consider how you want to handle packages that aren't available in the Chainguard registry:
+Note that built-in [configurable upstream fallback](/libraries/javascript/overview/#upstream-fallback-policy-and-controls) is available for Chainguard Libraries for JavaScript via the Chainguard Repository, but not yet available for Chainguard Libraries for Python or Java. Before configuring your repository manager, consider how you want to handle packages that aren't available in the Chainguard libraries repository:
 
 **Python and Java fallback approach**
 
-* **Chainguard registry only (recommended)**: Configure your repository manager to
-  use the Chainguard registry as the only upstream source. If a package isn't
-  available in the Chainguard registry, your build will fail until coverage is
+* **Chainguard only (recommended)**: Configure your repository manager to
+  use the Chainguard libraries repository as the only upstream source. If a package isn't
+  available in the Chainguard repository, your build will fail until coverage is
   added. Alternatively, you may be able to use a version or alternative library that Chainguard has already built.
 * **Chainguard with public registry fallback**: Configure your repository
 manager to fall back to Maven Central or PyPI for packages not available in the
-Chainguard registry. This prevents build failures due to missing packages, but
+Chainguard libraries repository. This prevents build failures due to missing packages, but
 packages sourced from public registries are **not** covered by Chainguard's
 malware-resistance guarantees. If you choose this option, we strongly recommend
 configuring a quarantine or cooldown period on your fallback repository so that