Securing Your Container Deployments with Chainguard
Vložit
- čas přidán 11. 09. 2024
- Worried about vulnerabilities in the third-party images you're using in your container deployments? Well that's good. Because they probably contain serious security vulnerabilities.
Chainguard container images are build to be as clean and safe as possible...and they're easy to deploy.
www.chainguard...
This video will show you how it's done - and how to use Docker Scout to scan your images for vulnerabilities.
I should note that the two Critical CVEs that showed up when I scanned the Chainguard MariaDB image in the video was actually highly unusual (and, I'm told, was the result of a bit of a freak coincidence). That profile was still a lot better than the official MariaDB I compared it to. But you'll almost certainly bet MUCH better results when you try it for yourself!
thanks for putting this together. Well-organized and clear. Do you think that databases would be a big use of the Chainguard images? When the two critical vulnerabilities are fixed, do you think there will be an updated image from Chainguard? Or, is the administrator supposed to update MariaDB?
I selected MariaDB for the demo mostly because I work with it a lot. But there are hundreds of images of all categories available through Chainguard. My understanding is that Chainguard does a good job maintaining their images, and they'd probably push updated images out within days - if not faster. But I'm honestly not sure that'll necessarily help for your in-production images. You might still need to update your build.
@@davidbclinton thanks for your advice and insights. nice work. It seems easy to use the Chainguard images with little downside and several upsides.
The chainguard/mariadb image has been updated - it's now only 329 MB and has 0 CVEs.
@@AdrianMouat Even better!
At 4:55 in the video you compare the sizes of the images (standard MariaDB Docker image versus a Chainguard MariaDB image). It shows that the Chainguard image is larger than the standard image. With the stripped down image from Chainguard that helps improve security, I would expect it to be smaller in size. Do you have an idea why in this case it appears to be larger?
I was wondering that myself. Unfortunately, I have no clue. As I used to say to my high school students: if ignorance is bliss, this must be the happiest place on earth. :)
I'm not sure what changed, but I note that it's been updated and is now smaller as expected.
@@AdrianMouat Excellent. Makes perfect sense that it was just a weird anomaly.