Security compliance and licensing stability are now central to enterprise open-source strategy.
Companies are grappling with shadow AI risks and changing vendor licenses. The focus is moving beyond adoption to ensuring that open-source systems are operationally hardened and remain legally portable.
A new partnership between open-source database company Percona and supply-chain security firm Chainguard exemplifies this shift. It aims to streamline workflows across Percona’s full portfolio — including MySQL, PostgreSQL, MongoDB, MariaDB, Valkey, and Redis.
The partnership pairs secure-by-default container images, maintained to zero known CVEs (common vulnerabilities and exposures) at release, with expert operational support. The collaboration bridges the gap between the flexibility of open source and the strict security requirements of modern production environments.
“Instead of databases needing to continuously scan for vulnerabilities, patch dependencies, and harden configurations after deployment, Chainguard images are delivered with minimal attack surface, continuously rebuilt, and free of known CVEs at release,” Peter Farkas, CEO at Percona, told LinuxInsider.
How This Approach Differs
This strategy reduces build-versus-buy friction. The two companies operate on a shared premise: getting secure software into production should not require engineers to build it from scratch. Historically, shipping open-source databases as container images has been difficult for enterprises, often leaving IT staff to manage patching and hardening on their own.
The division of responsibilities is clear. Chainguard provides the foundation based on minimal, hardened container images designed to keep CVE counts at or near zero. Percona provides the operational layer with enterprise-grade support, so organizations aren’t left stranded when complex infrastructure or AI workloads put performance pressure on the system.
Offloading image hardening and provenance tracking reduces operational overhead. This allows open-source databases to function more like a high-velocity utility than a maintenance burden.
“By partnering with Chainguard, Percona is helping to ease that burden. With secure-by-default container images of all of our open-source database software, our customers can spend less time worrying about patching CVEs and more time innovating,” Farkas said.
Why Database Containers Still Struggle
Shipping open-source databases as container images remains a challenge at the enterprise level.
Security requirements are stricter. Compliance frameworks are more demanding. AI workloads are adding further pressure on infrastructure.
Then there is the Linux factor. Organizations run across a wide mix of Linux distributions, hardened systems, and internal platforms. This means off-the-shelf images often do not fit their environment without modification.
IT teams must handle patching, adapting, and re-securing container images themselves. That time and effort could be redirected to higher-value work.
Brad Bock, director of product management at Chainguard, observed that organizations should not have to choose between the flexibility of open source and the security required for production.
“Together, we’re giving teams a simpler, more reliable way to run open-source databases in production without carrying the burden of patching and securing them on their own,” he said.
Turning Point for Open-Source Databases
Last year marked a turning point for open-source databases. Large organizations accelerated AI initiatives, reassessed cloud costs, and responded to volatility in database licensing. The result was a growing preference for open, portable platforms backed by operational accountability.
AI workloads are increasing the volume of data flowing through databases, raising demand for low latency, high concurrency, and high throughput. Just as importantly, Farkas noted, they are also increasing operational complexity and risk.
Farkas sees a tendency to overstate the extent to which AI will automate database management itself. In practice, most organizations are not ready to hand over control of mission-critical systems to autonomous agents.
“Instead, AI is proving most valuable in areas like observability: helping teams analyze logs, detect anomalies, and surface insights,” he said.
Closing the Database Security Gap
Open-source databases have long carried an unfair reputation for security risk. In practice, the transparency of open source means issues are usually identified and fixed quickly upstream; the upstream fix does not, by itself, reach every deployed image.
The real challenge is keeping up with the volume of dependencies, components, and the steady stream of CVEs in modern software stacks. That pressure is sharpest around databases, where the stakes of a missed patch are high.
“A secure-by-default image fundamentally shifts security from being a reactive task to a built-in baseline. For DBAs, this means less time spent on patching cycles and emergency remediation, and more time for performance tuning and reliability,” Farkas noted.
Chainguard addresses the image problem by rebuilding, packaging, and maintaining Percona's database software as hardened, minimal images with verifiable provenance, FIPS readiness, and defined CVE remediation service-level agreements (SLAs). Verifiable provenance means a consumer can check an image's signature and build attestation before deploying it, rather than trusting a registry path alone.
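One way to turn the "free of known CVEs at release" baseline and a remediation SLA into something a pipeline can enforce is a gate over scanner output. The Python below is an added example written for this article, not Percona's or Chainguard's code. The report layout is modelled on Grype's JSON (matches[].vulnerability and matches[].artifact) with a published field added as an assumption; the SLA windows are illustrative values, not either company's published terms; and the identifiers, package names, and dates in the sample report are constructed for the example.

```python
"""CVE SLA gate over container image scan results (added example)."""
import json
from dataclasses import dataclass
from datetime import date

# Remediation windows in days per severity. Illustrative values chosen for
# this example; they are not Chainguard's or Percona's published SLA terms.
SLA_DAYS = {"Critical": 7, "High": 14, "Medium": 30, "Low": 90}


@dataclass(frozen=True)
class Finding:
    cve_id: str
    severity: str
    package: str
    fix_state: str  # "fixed", "not-fixed" or "unknown", as a scanner reports it
    age_days: int   # days since the advisory was published, relative to scan date


def parse_report(report_json: str, scan_date: date) -> list[Finding]:
    """Flatten a Grype-like report into Findings.

    The matches[].vulnerability / matches[].artifact layout follows Grype's
    JSON output; the `published` field is an assumption added for this example.
    """
    report = json.loads(report_json)
    findings = []
    for match in report.get("matches", []):
        vuln = match["vulnerability"]
        published = date.fromisoformat(vuln["published"])
        findings.append(Finding(
            cve_id=vuln["id"],
            severity=vuln.get("severity", "Unknown"),
            package=match["artifact"]["name"],
            fix_state=vuln.get("fix", {}).get("state", "unknown"),
            age_days=(scan_date - published).days,
        ))
    return findings


def sla_violations(findings, sla_days=SLA_DAYS, zero_cve_baseline=False):
    """Return the findings that fail policy.

    With zero_cve_baseline=True every known CVE fails (the "free of known CVEs
    at release" bar). Otherwise a finding fails once it is older than the
    remediation window for its severity. Unknown severities are treated as
    Critical so a scanner gap cannot silently relax the gate.
    """
    if zero_cve_baseline:
        return list(findings)
    violations = []
    for f in findings:
        window = sla_days.get(f.severity, sla_days["Critical"])
        if f.age_days > window:
            violations.append(f)
    return violations


def gate(report_json: str, scan_date: date, **policy) -> tuple[bool, list[str]]:
    """CI entry point: returns (passed, human-readable reasons for failure)."""
    bad = sla_violations(parse_report(report_json, scan_date), **policy)
    reasons = [
        f"{f.cve_id} ({f.severity}) in {f.package}: {f.age_days}d old, fix={f.fix_state}"
        for f in bad
    ]
    return (not bad, reasons)


# Constructed sample report. Identifiers, packages and dates are made up for
# this example and do not refer to real advisories or real Percona packages.
SAMPLE_REPORT = json.dumps({"matches": [
    {"vulnerability": {"id": "EXAMPLE-0001", "severity": "Critical",
                       "published": "2026-01-01", "fix": {"state": "fixed"}},
     "artifact": {"name": "libexample", "version": "1.0.0"}},
    {"vulnerability": {"id": "EXAMPLE-0002", "severity": "Medium",
                       "published": "2026-01-15", "fix": {"state": "not-fixed"}},
     "artifact": {"name": "othertool", "version": "2.3.1"}},
    {"vulnerability": {"id": "EXAMPLE-0003", "severity": "Low",
                       "published": "2025-10-01", "fix": {"state": "fixed"}},
     "artifact": {"name": "compresslib", "version": "0.9"}},
]})

SCAN_DATE = date(2026, 1, 20)  # constructed scan date for the sample

if __name__ == "__main__":
    passed, why = gate(SAMPLE_REPORT, SCAN_DATE)
    print("PASS" if passed else "FAIL")
    for line in why:
        print(" -", line)
```

Run against the sample, the gate fails on the 19-day-old Critical and the 111-day-old Low finding while the 5-day-old Medium is still inside its window; with zero_cve_baseline=True all three fail, which is the bar a "zero known CVEs at release" image is held to. A real pipeline would feed it the scanner's actual JSON and fail the deploy step on a False result.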
Percona is among the first organizations to partner with Chainguard and the only one to offer exclusively open-source software. Other early-stage partners include Azul, Chainloop, Elastic, Expanso, F5, GitLab, Mattermost, Nirmata, SmallStep, and Tiger Data. This group of early adopters signals growing support for this new secure-by-default software standard.
Where Open-Source Databases Are Headed
Some enterprise platforms are moving toward a multi-engine approach. Percona delivered the first fully open-source transparent data encryption (TDE) for PostgreSQL, expanded enterprise adoption, and brought 24/7 support for Valkey following Redis licensing changes.
The company launched Percona Bundles to help customers scale complex, multi-engine, and AI-adjacent workloads more predictably. Bundles and Chainguard builds simplify management of fragmented environments. Together, these milestones reflect broader industry movement toward open-source solutions that balance flexibility with accountability.
“As enterprises move toward a multi-engine approach, the real challenge isn’t adopting multiple databases. It’s operating them consistently and securely at scale,” Farkas said.
Percona Bundles provide a standardized, AI-ready foundation across MySQL, PostgreSQL, and MongoDB. The offering combines optimized configurations, performance enhancements, and enterprise-grade support into cohesive, purpose-built packages.
Meanwhile, Chainguard’s secure-by-default images complement this approach at the container layer. Together, they enable enterprises to run different database engines on a hardened, continuously maintained base — reducing fragmentation across both security and operations.
New Model for Open-Source Databases
Percona’s CEO envisions open-source databases as platforms that free users from closed, vendor-controlled systems and let companies run open-source infrastructure on their own terms.
“We at Percona are doubling down on this philosophy because the industry is starting to feel the long-term consequences of convenience-driven decisions,” he shared.
That view is rooted in what he hears from customers about their top database and infrastructure priorities for 2026. Those priorities center on a few consistent themes: control, complexity, and operational efficiency.
“There’s a growing demand for predictable pricing and greater ownership of data infrastructure, particularly as the cost and complexity of managed services continue to rise,” said Farkas.
What This Means for DBAs
Farkas explained that many teams defaulted to proprietary managed platforms for speed and now face rising costs, reduced flexibility, and limited control. Open source has matured to the point where these trade-offs are no longer necessary, he said.
At the same time, many are operating in complex environments, often running multiple database engines across multiple clouds. That combination is driving a need for consistency and simplification, he continued.
“Customers are looking for standardized approaches that reduce operational overhead, enforce security and governance, and make it easier to manage diverse environments,” he said.