Your Container Has Vulnerabilities. Now What?
Vložit
- čas přidán 13. 08. 2020
- --
You work hard to build the perfect image for your app and then you run your container image through a vulnerability scanner and you get a surprise: vulnerabilities...maybe hundreds of them! It can be overwhelming, particularly if it blocks your app from deployment. But it doesn't have to be and you don't need to become an operating system maintainer and build all your images from `scratch` to deal with vulnerabilities.
In this session I'll take you through a pattern for dealing with container image vulnerabilities. We'll look at real container images from the ecosystem and systematically deal with removing vulnerabilities including:
* Deciding on a base image: other than just choosing a minimal base image, what can you do to build a set of trusted base images for your organization to use?
* Dealing with vulnerabilities introduced by RUN, COPY, and ADD commands
* Checking your own code & its dependencies
* Dockerfile and docker build tips that will help you deal with vulnerabilities later on
* Multistage builds - is there anything they can't do?
* A brief look at scratch, distroless, and other advanced options
Speaker: Jim Armstrong, Synk
Twitter: @jdarmstro - Věda a technologie
Really nice presentation.
great great video and excellent presentation. Very informative. Thankyou for sharing
Hey, nice presentation, and amazing demo, very good to know.
Lets say,
I deploy some containers up and running.
How did I replace them when recreate image.
Delete old one redeploy them?
The same question on Kubernetes as well.
Thanks again.
You talk a lot and it all sounds useful but there is very little useful information here for a noob to use to fix vulnerabilities.