Building Images For The Secure Supply Chain • Adrian Mouat • GOTO 2023

This presentation was recorded at GOTO Amsterdam 2023. #GOTOcon #GOTOams
https://gotoams.nl

Adrian Mouat – Author of ‘Using Docker’ & Dev Rel at Chainguard @AdrianMouat

RESOURCES
https://github.com/wolfi-dev/advisories
https://github.com/chainguard-images/images

Adrian
https://twitter.com/adrianmouat
https://github.com/amouat
https://linkedin.com/in/adrianmouat
http://www.adrianmouat.com

ABSTRACT
Security scans getting you down? Is the security team complaining about the CVE count in your images? Want to improve your SLSA level but don’t know where to start?
You’re not alone – all organisations face these issues. This talk will walk through techniques and tooling that you can use today to address these concerns.

In particular it will cover:
• how to reduce the CVE count in your images by minimising dependencies
• the importance of updating images and dependencies
• using apko to build container images with SBOMs and complete reproducibility […]

TIMECODES
00:00 Intro
00:38 Quiz
06:10 Vulnerability scanners
10:15 Redis
15:13 What is Wolfi
32:28 Summary
33:11 Outro

Download slides and read the full abstract here:
https://gotoams.nl/2023/sessions/2472

RECOMMENDED BOOKS
Liz Rice • Container Security • https://amzn.to/3oU4iJe
Liz Rice • Kubernetes Security • https://www.oreilly.com/library/view/kubernetes-security/9781492039075
Aaron Parecki • OAuth 2.0 Simplified • https://amzn.to/2A3IMOf
Aaron Parecki • OAuth 2.0 Servers • https://amzn.to/3ecHEsz
Aaron Parecki • The Little Book of OAuth 2.0 RFCs • https://amzn.to/3i7qnlC
Erdal Ozkaya • Cybersecurity: The Beginner’s Guide • https://amzn.to/2T6OIj3
Richer & Sanso • OAuth 2 in Action • https://amzn.to/3hXiAH6

https://twitter.com/GOTOcon
https://www.linkedin.com/company/goto-
https://www.facebook.com/GOTOConferences
#Kubernetes #k8s #CloudNative #SLSALevel #CVE #Dependencies #SupplyChain #Security #AdrianMouat #Chainguard #apko #Containers #SBOM #Vulnerabilities #snyk #AquaTrivy #Grype #Wolfi #LinuxDistribution #YAML #Cybersecurity

Looking for a unique learning experience?
Attend the next GOTO conference near you! Get your ticket at https://gotopia.tech
Sign up for updates and specials at https://gotopia.tech/newsletter

SUBSCRIBE TO OUR CHANNEL – new videos posted almost daily.
https://www.youtube.com/user/GotoConferences/?sub_confirmation=1