What’s with all of these container image vulnerabilities? I’m a developer, not a security analyst! Whether you’re a solo dev or a large team embracing DevSecOps, join me to learn practices I’ve seen successful teams using to build safer container images & avoid the mistakes they made along the way.
If you’ve ever run a vulnerability scan on a container you’ve probably seen it: the dreaded list with 100s, maybe even 1000s of issues on it. Containers have made life simpler in so many ways, but security sometimes doesn’t feel like one of them. So what can we do about it?
In this talk, I’ll share what I’ve learned working with users and companies and the best practices I’ve picked up along the way to build safer container images. I’ll also share what not to do, because there are many rabbit holes you can go down that end up wasting time and energy.
I’ll share the processes and patterns that you can use whether you’re working on an individual project, or you’re part of a bigger team embracing DevSecOps.
Senior Developer Advocate at Snyk
Eric has over 25 years of professional experience in enterprise software development and architecture and has been practicing DevOps concepts since long before the term was coined. A continuous integration advocate and implementer for nearly a decade, a former Jenkins Ambassador, and a Docker user since the early days back in 2013. A child of the ’80s and a second-generation software developer–his father was a SNOBOL coder in the 60s–Eric has been coding since his elementary school days back on 8-bit machines. In his spare time, he enjoys spending time with his wife and kids, traveling, photography, and, of course, hacking on software. Nowadays, Eric is a Senior Developer Advocate at Snyk.io where he helps developers secure the applications, containers, and Kubernetes platforms they build and deploy to. Eric is “@ericsmalling” on Twitter, LinkedIn and GitHub.