Secure software supply chain solution provider Chainguard Inc. today announced the launch of multilayer container images with intelligent rebuilds, a new approach that optimizes container efficiency and accelerates pull times.

The new multilayer approach replaces the company’s original single-layer container image architecture, which bundled all content into one large unit. Though the previous design ensured security and simplicity, it also meant that even minor updates required re-downloading entire images, causing delays and higher bandwidth consumption.

The new model sees container images divided into intelligent layers, grouping packages by their source origin. For users, the new model means that when a package is updated, only its corresponding layer needs to be refreshed, resulting in faster downloads and less redundant data transfer.

The idea of multilayer container images sounds fairly simple, but Chainguard’s engineering team, when designing the functionality, faced the challenge of determining how best to split images into layers without compromising security or clarity. Through conducting extensive simulations, they ended up choosing a “per-origin” strategy that balances layer granularity and caching efficiency while avoiding the layer sprawl typical of Dockerfile-based images.

The results are impressive, with the company claiming initial testing showing a 70% reduction in unique layer data size and a 70% to 85% decrease in bytes transferred during sequential pulls of updated images. The improvement is particularly notable for large, frequently updated artificial intelligence and machine workloads such as PyTorch and TensorFlow.

Along with enhanced efficiency, Chainguard added a final layer capturing frequently updated operating system-level metadata to ensure compatibility with container runtimes and to optimize parallel download capabilities. The design aims to provide developers with performance enhancements without altering their workflows.

“With Chainguard’s intelligent layers, customers should see faster pull times and increased bandwidth and storage efficiency,” Kim Lewandowski and Jason Hall from Chainguard said in a blog post. “Ultimately, that means faster builds, tests and deployments for your services, all of which speed up overall engineering velocity for your development teams.”

Multilayer images have been rolled out across all Chainguard Containers as of today.

Ryan Carlson, president of Chainguard, spoke with theCUBE, SiliconANGLE Media’s livestreaming studio, earlier this month, when he discussed how the company advances open-source software security with an innovation-first approach.

Image: SiliconANGLE/Reve