I build systems that verify software supply chains. At Chainguard, I work on the JavaScript and Java ecosystem rebuilders, delivering SLSA 3 provenance and SBOMs for 500k+ artifacts across 44+ enterprise customers. I built LibCheck (now chainctl libraries verify), a Go CLI for validating package provenance.

Before Chainguard, I spent a decade building infrastructure at scale. At MixMode, I designed a horizontally scalable network data ingestion pipeline handling 100 Gbps, and led the work that landed a $20M government defense contract. At Anchore, I built the Kubernetes-based inventory system in Go and Python that reduced container analysis time by 60%. At LogicMonitor, I architected a distributed data pipeline with Kafka and Quarkus managing 2M+ monitoring metrics daily.

Technical Background

Languages: Java, Python, SQL (expert); Go, Node.js (moderate)

Infrastructure: AWS, GCP, Kubernetes, Helm, Argo Workflows, Kafka, PostgreSQL

Domains: Distributed systems, supply chain security, SLSA provenance, SBOMs, container security

I’ve written about some of this work in the writing section.

Sam Dacanay

Staff Software Engineer at Chainguard. I build systems that verify software supply chains.

Previously: Director of Engineering at MixMode, Senior Software Engineer at Anchore, Lead Engineer at LogicMonitor.

11 years building distributed systems, Kubernetes controllers, and security infrastructure.

Quarkus vs. Spring Boot

At LogicMonitor, I led the evaluation and migration from Spring Boot to Quarkus for our microservice architecture. The results: 85% reduction in CPU usage, 88% reduction in memory, and startup times dropping from 15 seconds to 2 seconds. The article covers our technology stack evaluation (Quarkus vs. Micronaut vs. Helidon), Kubernetes integration, Kafka producer/consumer challenges with SmallRye Reactive Messaging, and the metrics we used to validate the migration. Read the full article on LogicMonitor’s blog →

Technical Background#

Technical Background