Building Images For The Secure Supply Chain • Adrian Mouat • GOTO 2023

This presentation was recorded at GOTO Amsterdam 2023. #GOTOcon #GOTOams

Adrian Mouat - Author of ‘Using Docker’ & Dev Rel at Chainguard
@AdrianMouat

ABSTRACT
Security scans getting you down? Is the security team complaining about the CVE count in your images? Want to improve your SLSA level but don’t know where to start? You’re not alone - all organisations face these issues.

This talk will walk through techniques and tooling that you can use today to address these concerns. In particular it will cover:
• how to reduce the CVE count in your images by minimising dependencies
• the importance of updating images and dependencies
• using apko to build container images with SBOMs and complete reproducibility [...]

TIMECODES
00:00 Intro
00:38 Quiz
06:10 Vulnerabilities scanners
10:15 Redis
15:13 What is Wolfi
32:28 Summary
33:11 Outro

RECOMMENDED BOOKS
Liz Rice • Container Security
Liz Rice • Kubernetes Security
Aaron Parecki • OAuth 2.0 Simplified
Aaron Parecki • OAuth 2.0 Servers
Aaron Parecki • The Little Book of OAuth 2.0 RFCs
Erdal Ozkaya • Cybersecurity: The Beginner’s Guide
Richer & Sanso • OAuth 2 in Action

#Kubernetes #k8s #CloudNative #SLSALevel #CVE #Dependencies #SupplyChain #Security #AdrianMouat #Chainguard #apko #Containers #SBOM #Vulnerabilities #snyk #AquaTrivy #Grype #Wolfi #LinuxDistribution #YAML #Cybersecurity