You work hard to build the perfect image for your app, and then you run your container image through a vulnerability scanner and you get a surprise: vulnerabilities... maybe hundreds of them! It can be overwhelming, particularly if it blocks your app from deployment. But it doesn't have to be, and you don't need to become an operating system maintainer and build all your images from `scratch` to deal with vulnerabilities.
In this session I'll take you through a pattern for dealing with container image vulnerabilities. We'll look at real container images from the ecosystem and systematically deal with removing vulnerabilities including:
- Deciding on a base image: other than just choosing a minimal base image, what can you do to build a set of trusted base images for your organization to use?
- Dealing with vulnerabilities introduced by RUN, COPY, and ADD commands
- Checking your own code and its dependencies
- Dockerfile and docker build tips that will help you deal with vulnerabilities later on
- Multistage builds: is there anything they can't do?
- A brief look at `scratch`, distroless, and other advanced options
Speaker: Jim Armstrong, Snyk
Twitter: @jdarmstro