Chainguardification:
Secure Your Software Supply Chain with Chainguard & Somerford and get “Hands On”
Move past the theory and build a hardened, "zero-noise" software supply chain.
- Thursday, 19th March 2026
- 10:00AM - 12:30PM GMT (Followed By Lunch @ Granger & Co)
- Sequoia Offices, Marylebone, London
What Does This Workshop Cover?
In today’s fast-moving software landscape, attackers are no longer just targeting production systems; they’re exploiting the software supply chain itself. Vulnerable dependencies, misconfigured pipelines, and untrusted build artefacts have become prime targets.
It’s becoming harder and harder to keep up with CVEs (Common Vulnerabilities and Exposures), not just because of the sheer number of them, but because of how frequently these attack vectors are being exploited. Grype may help us identify a huge number of CVEs in our environment, but the scan results alone tell us little about how likely or feasible exploitation of each one actually is.
Chainguard also employs the idea that when developing software, we should start left, rather than build out our software and then try to shift left. By using Chainguard Images, you opt for a secure-by-default foundation from day one. This allows you to immediately address security concerns and significantly reduces the time, resources and capital spent on remediation to ensure that your application is protected and secure before you even start developing.
In our hands-on workshop, our Technical Consultants, Frazer Brown, Daniel Gray and Sam Ward, along with Partner Solutions Engineer at Chainguard, Hannah Hawken, will take you through a live “Chainguardification” of a Software Supply Chain by building and hardening a modern containerised application. By the end of the session, you’ll have migrated an application to a hardened, distroless environment, verified the removal of the CVEs present in the Open-Source container through side-by-side Grype scans, and utilised Syft to gain total transparency via SBOMs.
We'll Walk You Through These Steps:
1. Connect to a Virtual Machine and Install Key Tools for Analysing CVEs
2. Connect to a Chainguard Organisation and view a selection of Chainguard Images
3. Build an Application using Open Source Images (Spring Boot) and Docker
4. Build an Application using Chainguard Images (The Chainguardification Stage)
5. Scan for CVEs and Compare Between Open Source and Chainguard
6. Perform an Attack on the Open Source Container
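The side-by-side Grype comparison from steps 4 and 5, as an added example that is not part of the workshop material: it loads two reports in the shape of `grype <image> -o json` (the two reports below are constructed sample data with placeholder CVE ids, not real scan output) and summarises what the migration to a Chainguard Image removed, kept and introduced.

```python
import json
from collections import Counter

SEVERITIES = ["Critical", "High", "Medium", "Low", "Negligible", "Unknown"]

# Constructed sample reports shaped like `grype <image> -o json`; CVE ids are placeholders.
OPEN_SOURCE_REPORT = json.dumps({"matches": [
    {"vulnerability": {"id": "CVE-EXAMPLE-0001", "severity": "Critical"},
     "artifact": {"name": "openssl", "version": "3.0.2", "type": "deb"}},
    {"vulnerability": {"id": "CVE-EXAMPLE-0002", "severity": "High"},
     "artifact": {"name": "curl", "version": "7.81.0", "type": "deb"}},
    {"vulnerability": {"id": "CVE-EXAMPLE-0003", "severity": "High"},
     "artifact": {"name": "curl", "version": "7.81.0", "type": "deb"}},
    {"vulnerability": {"id": "CVE-EXAMPLE-0004", "severity": "Low"},
     "artifact": {"name": "zlib", "version": "1.2.11", "type": "deb"}},
]})
CHAINGUARD_REPORT = json.dumps({"matches": [
    {"vulnerability": {"id": "CVE-EXAMPLE-0004", "severity": "Low"},
     "artifact": {"name": "zlib", "version": "1.2.11", "type": "apk"}},
]})

def load_findings(report_json):
    """Map (cve id, package@version) -> severity; one CVE may hit several packages."""
    findings = {}
    for match in json.loads(report_json).get("matches", []):
        vuln, art = match["vulnerability"], match["artifact"]
        key = (vuln["id"], f"{art['name']}@{art['version']}")
        findings[key] = vuln.get("severity", "Unknown")
    return findings

def severity_counts(findings):
    """Count findings per severity, keeping every bucket present (0 when empty)."""
    counts = Counter(findings.values())
    return {sev: counts.get(sev, 0) for sev in SEVERITIES}

def compare(before_json, after_json):
    """Side-by-side summary: what the migration removed, kept and introduced."""
    before, after = load_findings(before_json), load_findings(after_json)
    return {
        "before": severity_counts(before),
        "after": severity_counts(after),
        "removed": sorted(set(before) - set(after)),
        "remaining": sorted(set(before) & set(after)),
        "introduced": sorted(set(after) - set(before)),
    }

if __name__ == "__main__":
    result = compare(OPEN_SOURCE_REPORT, CHAINGUARD_REPORT)
    for sev in SEVERITIES:
        print(f"{sev:<11} open source: {result['before'][sev]:>3}  chainguard: {result['after'][sev]:>3}")
    print("removed by migration:", [cve for cve, _ in result["removed"]] or "none")
```

Anything listed under "introduced" deserves a look before declaring the migration a win, since a rebuilt package set can carry findings the original image never had.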
Why We Need Chainguard:
We’ll be preparing you for the hands-on workshop with an in-depth presentation about what Chainguard does, why it’s helpful, what problems it solves, how it can help you as a developer, executive, engineer or administrator, and how it can save your company money and resources. Here’s the Agenda:
The Open Source Problem and our Mission:
• Current State of Open Source Development
• The Chainguard Offering
• OS images vs Chainguard
• OS libraries vs Chainguard
• SBOMs
Chainguard Libraries
Whether you're running Kubernetes at scale, maintaining internal developer platforms, or building high-trust environments, this session will leave you with actionable tools and a fresh perspective on what “secure by default” really means.
We shall also explore the power of Chainguard Libraries to uncover a hardened alternative to standard public repositories like PyPI, npm, and Maven Central by rebuilding open-source packages and their entire dependency trees directly from source in a SLSA Level 2 compliant environment. Chainguard Libraries are engineered to be malware-resistant and are proactively patched for critical vulnerabilities (CVEs), even if an official upstream fix hasn't been released yet. They solve the "hidden dependency" problem by isolating and rebuilding the system libraries, ensuring every byte has a verifiable provenance.
In this two-hour technical workshop, we move from the "Why" (reducing CVE noise) to the "How" (building and securing images) using Chainguard’s Wolfi-based ecosystem.
Workshop Pre-Requisites:
Tools: Laptop with Permissions to run commands in Terminal (chmod 400, ssh)
We’ll be authenticating and connecting over SSH to EC2 instances set up by us prior to the workshop, using .pem private keys that are downloaded or provided, so you need to be able to restrict access to the key file (chmod 400 gives the owner, i.e. you, read-only access and nobody else any access).
Knowledge: Basic familiarity with Docker and using the CMD/Terminal.
Key Learning Objectives:
- Understand the Key Offerings of Chainguard, and get familiar with chainctl
- Learn about what goes into building a Docker Image/Container, and how to run basic applications using Docker and the Command Line (docker build, run)
- Compare the Key Differences between Open Source Containers and Chainguard Containers
- Use chainctl to analyse the libraries we use, and understand the result of chainctl libraries verify
- Understand what Grype is, and how it can inform us with high quality information about our Containers (relating to CVEs)
- Understand how to exploit an Open Source container, and provide the hosts with the “secret” we’ve hidden in the container’s files (1st wins a prize!)
- Learn about SBOMs and Syft, and how an SBOM can show us that Chainguard is truly building distroless and clean images

