
Go “Vuln Sleighing” with Chainguard this Holiday Season

Dustin Kirkland, VP of Engineering

Christmas is right around the corner, but for us at Chainguard, remediating CVEs is a year-round commitment. Two major Go toolchain CVEs dropped in the last two weeks, and our team sprang into action, recompiling hundreds of packages and rebuilding hundreds of images. Separately, some unrelated but urgent work involved fixing hundreds of Helm charts recently broken in Bitnami’s Helm Chart repository, re-enabling them to use Chainguard Images. In the end, Chainguard Images customers get to have a peaceful holiday, without having to worry about either of these pesky CVEs or the Helm repository regression.


In the holiday spirit, we decided to tell this story Christmas-style!


‘Twas the week before Christmas, and all through the Guard,
Not a system was idle, all working hard.
Build pipelines were humming, the alerts flashing red,
With long days of fixing CVEs ahead.

The bad guys, relentless, worked under the Grinch,
Exploited weak code, and gave platform teams a pinch.
But we at Chainguard stood strong at our stations,
Protecting the world with our secure innovations.

Our SLAs don’t pause for mistletoe cheer,
Security’s a promise we keep all the year.
So it came—a new Golang vulnerability,
A crypto library bug filled with hostility.

Server Config Public Key Callback errors,
Gifting misused keys to malicious bearers!
“Let’s recompile it all—seven hundred and eighty!”
No rest for us elves; the work was quite weighty.

But before we could wrap that fix in a bow,
Another CVE came crashing, ho ho ho!
Go’s x/net parser crashes with input too long,
Can cripple your servers—all terribly wrong!

Our team, undeterred, doubled down on the codes,
Delivering packages faster than Santa’s sleigh-loads.
Freshly scanned images filled up our nights,
Down with the Grinch and his black hat sleights!

Along with toys for kids by the fire,
Our SBOMs are signed, secure, and inspired.
Each one hardened, a shield in the fight,
To keep systems safe through the holiday night.

Oh then came Bitnami, our “friends,” with a scheme,
Their Helm chart changes disrupted the dream.
An untimely tweak to their repository tree
Brought headaches to customers (and also to me!).

But Chainguard stepped in, with no time to pout,
We fixed every chart and sorted it out.
Replacing their images with ours more secure,
A gift for the season: our promise is sure!

We recompiled, retested, re-signed, and then—
Republished the lot, again and again.
Our customers smiled as their worries took flight,
And CISOs slept soundly on that silent night.

For Chainguard’s the safe source for open source code,
A fortress that shields every app, every node.
So as the week closed and the bugs were all gone,
We celebrated the team and poured the cheers on!

“Happy holidays!” we cried, as the pipelines ran clean,
“Securing the world—we’re the best ever seen!”
And I heard us exclaim as the sprint met its end,
“Merry Christmas to all—from your Chainguard friends!”

