Secure Container Images with Chainguard’s Tooling: Melange, Apko & Wolfi • Matt Turner • GOTO 2023
This presentation was recorded at GOTO Amsterdam 2023. #GOTOcon #GOTOams
Matt Turner - DevOps Leader and Software Engineer at Tetrate @mt165
ORIGINAL TALK TITLE
Building Secure & Auditable Container Images Using Chainguard’s Tooling: Melange, Apko & Wolfi
RESOURCES
ABSTRACT
Using minimal container images with known, auditable contents (the much-hyped SBOM) is a critical part of taking control of your supply-chain security. These images are smaller, more up-to-date, and more secure. You might have started down this path by using multi-stage builds and scratch or distroless base images. Recently, Chainguard has released a set of tooling that takes this to the next level.
In this practical session, Matt will walk you through using these tools, showing you how to make small, minimal images, along with SBOMs for their entire contents. He will show how to publish these images, and submit their build attestations to an immutable public audit log. As a bonus, he’ll also show how to manage ca-certs in container images, keeping them up-to-date and avoiding the dodgy ones which show up with surprising regularity. [...]
TIMECODES
00:00 Intro
01:00 Container images
14:13 How do you build container images?
20:33 Apko - Custom distroless
32:19 Demo
48:27 Outro
Read the full abstract here:
RECOMMENDED BOOKS
Adrian Mouat • Using Docker •
Burns, Beda & Hightower • Kubernetes: Up & Running •
Burns, Villalba, Strebel & Evenson • Kubernetes Best Practices •
Liz Rice • Container Security •
#Wolfi #Chainguard #Melange #Apko #SBOM #ContainerImages #Containers #Kubernetes #CloudNative #Programming #SoftwareEngineering #MattTurner
Looking for a unique learning experience?
Attend the next GOTO conference near you! Get your ticket at
Sign up for updates and specials at
SUBSCRIBE TO OUR CHANNEL - new videos posted almost daily.
1 view
0
0
7 months ago 00:03:22 1
Kali Linux Install - Kali Linux Boot Flesh - USB drive (Tutorial)
7 months ago 00:07:47 1
ECOWAS Crisis: West Africa’s $500 Million Projects Loss Looms Large
7 months ago 00:41:14 1
W. Glenn Dennis Interview, 11/19/1990
7 months ago 00:00:58 1
How to set and read microppipette volume
7 months ago 00:44:54 1
The State of Application Security 2023 • Sebastian Brandes • GOTO 2023
7 months ago 00:16:46 1
China and Russia Strike Back: “The End of US Dollar”
7 months ago 00:05:45 1
Beautiful Light™... Hardcore Survival Horror Game (2024)
7 months ago 00:15:48 1
Privacy First Tails OS 6.0 Linux Distro With Debian 12 “Bookworm” and GNOME 43
7 months ago 00:20:49 1
THE WATER ENGINE WORKS! Electrolysis with HH+ turns water into fuel
7 months ago 00:11:54 1
🚨HUGE UPDATE on Trump’s NYC case and Trucker Strike Boycott! Fani Willis is Next!
7 months ago 00:00:32 1
В главных ролях: SCP
7 months ago 00:11:47 1
11 min ago… NYC Is Collapsing 🚨 Trucker Boycott Major Investors Evacuate NYC 💥 TRUCKERS For Trump
7 months ago 00:05:55 1
Troubleshooting Difficult IV
7 months ago 00:15:57 1
Oops... Fani Willis Hands Trump UNEXPECTED Win! NYC Truckers Boycott Blocks OFF Investors!
7 months ago 00:10:41 1
U.S. Just HIT: FBI Warn, Cyber Attack Leaves Millions in the Dark... What happened, Is YouTube Down?
7 months ago 00:09:01 1
Israel Has DESTROYED Itself as Yemen, Iran, Lebanon Prepare For WAR
7 months ago 00:05:56 1
GUNSHIP - Monster In Paradise [Official Music Video]
7 months ago 01:09:50 1
Son Of WEF Cofounder: “Arrest Those People Immediately“ w/ Pascal Najadi & Dr Victory – Ask Dr. Drew
7 months ago 00:04:10 3
Features Series Housenote - The Security Features
7 months ago 00:06:19 1
Fire in Kalk Bay, Cape Town, South Africa - full version
7 months ago 00:00:37 1
China slams US plan to replace Chinese-made cranes in ports due to security concerns
7 months ago 00:10:08 1
The PS5 Slim - A Repairability Perspective - Detailed Teardown