Building Images For The Secure Supply Chain • Adrian Mouat • GOTO 2023
This presentation was recorded at GOTO Amsterdam 2023. #GOTOcon #GOTOams
https://gotoams.nl
Adrian Mouat – Author of ‘Using Docker’ & Dev Rel at Chainguard @AdrianMouat
RESOURCES
https://github.com/wolfi-dev/advisories
https://github.com/chainguard-images/images
Adrian
https://twitter.com/adrianmouat
https://github.com/amouat
https://linkedin.com/in/adrianmouat
http://www.adrianmouat.com
ABSTRACT
Security scans getting you down? Is the security team complaining about the CVE count in your images? Want to improve your SLSA level but don’t know where to start?
You’re not alone – all organisations face these issues. This talk will walk through techniques and tooling that you can use today to address these concerns.
In particular it will cover:
• how to reduce the CVE count in your images by minimising dependencies
• the importance of updating images and dependencies
• using apko to build container images with SBOMs and complete reproducibility […]
TIMECODES
00:00 Intro
00:38 Quiz
06:10 Vulnerabilities scanners
10:15 Redis
15:13 What is Wolfi
32:28 Summary
33:11 Outro
Download slides and read the full abstract here:
https://gotoams.nl/2023/sessions/2472
RECOMMENDED BOOKS
Liz Rice • Container Security • https://amzn.to/3oU4iJe
Liz Rice • Kubernetes Security • https://www.oreilly.com/library/view/kubernetes-security/9781492039075
Aaron Parecki • OAuth 2.0 Simplified • https://amzn.to/2A3IMOf
Aaron Parecki • OAuth 2.0 Servers • https://amzn.to/3ecHEsz
Aaron Parecki • The Little Book of OAuth 2.0 RFCs • https://amzn.to/3i7qnlC
Erdal Ozkaya • Cybersecurity: The Beginner’s Guide • https://amzn.to/2T6OIj3
Richer & Sanso • OAuth 2 in Action • https://amzn.to/3hXiAH6
#Kubernetes #k8s #CloudNative #SLSALevel #CVE #Dependencies #SupplyChain #Security #AdrianMouat #Chainguard #apko #Containers #SBOM #Vulnerabilities #snyk #AquaTrivy #Grype #Wolfi #LinuxDistribution #YAML #Cybersecurity