11-10, 10:20–10:50 (MST), Theater
Your new container build system is up and running. But suddenly ops are complaining that the images are difficult to maintain and they don't even run on the ARM boxes. And users are complaining that the images aren't signed and the CVE count is through the roof. What do you do?
This talk will guide you through the basics of making your build reliable and repeatable with support for multiple architectures and a low CVE count that keeps your users happy.
We will cover:
- the importance of making your builds reproducible for security and maintainability
- building in CI/CD and the cloud
- handling multi-arch images
- dealing with updaing images and CVEs
- advanced concerns: attestations, SLSA and SBOMs
Want to save yourself time and pain? Come to this talk.
Technical Community Advocate @ Chainguard
Adrian has been involved with containers from the early days of Docker and authored the O’Reilly book “Using Docker”.
He works at Chainguard whose mission is to make the software lifecycle secure by default. His current focus is on improving the standard of security and provenance guarantees in container images.