The only rule: Don’t look at the code
“Only two dependencies. Both are legendary disasters.”
That’s Jon Ceanfaglione demoing his final project — an app that roasts your software supply chain by generating memes about your dependency choices. Paste in a package.json, get a meme mocking your decision to include both Lodash and Underscore. The judges loved it. Daisy Holman from Anthropic declared, “Honestly, no notes. This is exactly the kind of thing I hoped to see out of this.”
Jon won. His $1,000 prize is going to Girls Who Code Tampa.
But let’s back up.
Hey, what’s vibe coding? And what’s the Vibelympics?
“Vibe coding” is programming without looking at your code. You describe what you want, an AI writes it, and, while you can read the code if you want, mostly you don’t. It sounds ridiculous, and… yeah, it kind of is.
The Vibelympics is Chainguard’s first vibe coding tournament — three rounds of difficult and ever-so-slightly absurd challenges, judged on security, functionality, code quality, and (of course) vibes. The only rule: you can’t look at your code. How do we enforce this? Well, we watch contestants throughout the month of December using our Chainguard Omniscope (™️™️™️), so cheating is right out.
On December 1st, we started our 59 participating individuals and teams on the first of three challenges. The gauntlet had begun.
The rounds
Round 1: Emoji-Only UI
Build a fully functional app where the entire interface is composed entirely of emojis. No text in buttons, labels, navigation — nothing. The submissions ranged from emoji Zork to a vampire survivors-style game where you fight CVEs to a container security dashboard with an animated octopus mascot. Student Karthika Jayaprakash built a Mood Weather App where emotions become weather patterns — all emojis, zero text.
16 active submissions. Three perfect scores.
Round 2: Package Ecosystem Auditor
Build a security tool that audits packages — npm, PyPI, Maven, whatever you want. Given a package name, generate a security report.
Watching people vibe-code tools that actually analyze real vulnerability data was pretty remarkable, especially since this is literally our day job. Highlights included:
NICVR Museum (Nathan Hensley) - A 3D museum walkthrough built in Babylon.js, where you explore your security findings like exhibits.
PyShield (Mayank Desai, Tech9 Solutions) - 12 specialized analyzers, including typosquatting detection and Shannon entropy analysis. 305+ tests. Perfect score.
Dr. Container (Benoît Côté-Jodoin, Google) - Security data presented as “Nutrition Facts” labels.
12 submissions. Another three-way tie at the top.
Round 3: AI Meme Generator (The Finals)
Top three only. Build an AI-powered meme generator. Present it live on stream. Get judged by Dan Lorenc (Chainguard CEO), Guy Podjarny (Tessl CEO), and Daisy Holman (Anthropic).
No pressure. 😅
The finalists
Jon Ceanfaglione (IBM) — Supply Chain Roaster
Jon’s app grabs your package.json or requirements.txt, queries a real CVE database, and generates memes roasting your choices. The AI picks both text and template — submit Faker, and you might get Leonardo DiCaprio captioned “You used Faker for test data, and Faker used you instead.”
The kicker: Jon built this using adversarial agents. Claude Code and Factory AI reviewed each other’s pull requests, bouncing back and forth in a driver/navigator setup. He barely touched it until it was done.
“We’re actually thinking about attaching this to our DevOps pipeline,” Jon said. “Generating memes from people checking in dependencies into their code bases.”
The app also has a panic button. When pressed, it shows a dog in a burning building. Daisy’s reaction: “Oh my gosh, that’s cute. Easily one of my favorite memes.”
Nathan Hensley (Independent) — Meme Provenance Lab
Nathan, representing the fictional “National Institute for Cephalopod Validator Research,” went full supply-chain-parody. His Meme Provenance Lab generates memes with cryptographic signatures, complete with attestations and SBOMs. Every meme has a verified chain of custody. Unverified memes show up as untrusted in “Squidbook,” his in-app social network populated by characters from the “Containerium” lore he’d been building across all three rounds.
When Dan asked about unverified signatures sneaking into the feed, Nathan deadpanned: “I cannot disclose that at this time. All I can say is those users did not use the Meme Provenance Lab to generate their memes, so they’re untrusted.”
There’s also a farming game called Dependencyville, where you plant crops derived from your dependency tree. Nathan was characteristically dry in his description: “It seems very underwhelming. I’m not sure why anyone plays this. It costs 20. Yield is 30. You get additional technical debt. It honestly doesn’t make sense.”
Chris Ryan & Shaun Robbins (Deployitall) — AI Meme Generator
Chris and Shaun built a more straightforward meme generator, but polished. Classic templates with GPT-4 text generation, or fully AI-generated images via DALL-E 3. A “leet mode” toggle transforms the UI into a hacker aesthetic. Quick topic buttons let you smash-generate memes about Docker images, chain of thought, or CVEs in prod.
“I would have never done this in my life,” Chris said. “I’m not a meme guy. I actually had to ask what memes were at the start of this.” The tone of Chris and Shaun’s presentation was… giddy. These two clearly had a blast building their entry.
The judging
Dan scored on a scientific breakdown, with security, vibes, and functionality weighted equally. Guy appreciated the spec-driven approaches. Daisy, the self-described harsh judge (“I work at Anthropic, I see a lot”), still gave Jon’s project a perfect 10.
Highlights from the stream:
Daisy caught the tell: “This shade of purple tells me you barely prompted the UI. You just said ‘make it pretty.’”
Guy’s verdict on Nathan’s creation: “A massively ethical, secure, and responsible application that is a slightly mediocre meme generator.”
Dan trying to generate a meme about himself during judging and getting a timeout.
The panic button reveal.
The Prize
Jon Ceanfaglione took away the top prize: $1,000 for Girls Who Code Tampa. Our other finalists received $200 for their chosen charities — Nathan’s going to the World Wildlife Fund and Chris and Shaun’s going to the Against Malaria Foundation.
Thanks to everyone who participated, as well as those who dropped out (sometimes the only way to win is not to play), and our judges for treating meme security with the appropriate gravitas.
The AI apocalypse isn’t scheduled until 2027, so we’ll see you all again next December!
Share this article
Related articles
- open source
Fork Yeah: We’re keeping ingress-nginx alive
Adrian Mouat, Staff Developer Relations Engineer
- open source
The State of Trusted Open Source: December 2025
Ed Sawma, VP of Product Marketing, and Sasha Itkis, Product Analyst
- open source
Introducing Chainguard EmeritOSS: Sustainable stewardship for mature open source
Erin Glass, Staff Product Manager, Dan Lorenc, CEO and Co-founder, and Kim Lewandowski, CSO and Co-founder
- open source
Fork Yeah: We’re Bringing Kaniko Back
Priya Wadhwa, Senior Engineering Manager, Kim Lewandowski, Co-founder & CPO, and Dan Lorenc, Co-founder & CEO
- open source
Guardcraft: A Minecraft Java Server with Zero CVEs
Erika Heidi, Staff Developer Experience Engineer
- open source
Wolfi: a new paradigm in Linux for containers
Erika Heidi, Developer Experience Engineer