
Partner Puzzle’s Perspective on Chainguard Containers and Libraries: A secure foundation for modern software development
Chainguard Containers and Chainguard Libraries are perfectly suited to help customers in Europe reduce CVEs and prevent malware in their software supply chain.
Chainguard’s trusted Swiss-German partner, Puzzle ITC, shares its position on security in the software supply chain. Specializing in software and technology services, Puzzle offers an impartial view and summary of the impact of Chainguard’s solution. Raphaela and Christoph work actively with those seeking open source solutions, cloud-native applications, and developer productivity across the entire lifecycle. Their growing hands-on experience with Chainguard provides valuable, objective insight into the solution's highlights, feature requests, and adoption.
Puzzle sees a flood of CVEs (Common Vulnerabilities and Exposures) in open source images that causes inefficiency and uncertainty in IT departments. Chainguard addresses this issue by offering a catalog of over 2000 images delivering low to no CVEs thanks to minimalist daily builds from source and complete transparency (SBOMs). In practice, Puzzle often sees security concepts for container images reaching their limits: scanners regularly display over 50 CVEs. This flood of reports often leads to risks being ignored, with panic patching occurring only in the event of major security incidents.
Puzzle is convinced that this technological approach represents a transformation in container security. As the first Chainguard partner in Switzerland, they are now offering customers subscriptions to the image catalog, enabling wider adoption of a secure foundation for software development. ‘Puzzlers’ (those who work at Puzzle) are ready to share their expertise to ensure the smooth migration and integration of this solution.
Security problems in the supply chain
Open source software is the foundation of modern software development and infrastructure, especially in container-based applications. Many companies rely heavily on these components for their products and infrastructure. However, managing the entire code base, including updating and securing open source code that was not developed in-house, poses significant challenges for IT and security departments. At the same time, supply chain security gaps are becoming increasingly common.
Chainguard: The technology for secure containers
An innovative solution to this problem relies on a fundamentally different approach to building container images. The key lies in providing minimal, secure operating systems, such as Wolfi, developed by Chainguard.
A wide variety of open source images are created on this minimal foundation that is compiled from the upstream source code from scratch every day. These images contain only the building blocks needed to build the software, allowing the latest versions of all dependencies to be integrated and ensuring complete documentation. Complete SBOMs (Software Bill of Materials) are also provided, which contain clear evidence of the original details of each image. The images are tested for consistent behavior, which has proven invaluable for accelerating adoption by building trust in the smooth implementation. The result of this process is container images with low to, in most cases, zero CVEs.
Beyond the ever-evolving container images on offer, the Chainguard catalog is continuously expanding and now includes libraries (beta). Chainguard also offers solutions for replacing images that are no longer freely available, as well as Helm charts from Bitnami and MinIO. If you are interested in learning more, get in touch with our team.