Overview
Syllabus
- Introduction & agenda
- Understanding container image security
- Image security best practices
- Security vulnerabilities: what they are & how to identify them
- Scanning for security vulnerabilities: how to do it & what tools to leverage
- Live Q&A: how can a root privilege container user gain control over the entire host?
- Live Q&A: how is Trivy different from Amazon's ECR image scanner?
- Demo: installing Trivy, running samples & generating reports
- Live Q&A: can Trivy be integrated with Azure DevOps pipelines?
- Live Q&A: how does Trivy compare to Synk?
- Live Q&A: where do we need to host Trivy to integrate with CI/CD pipelines?
- Live Q&A: is there a consolidated view for all images within a private registry?
- Live Q&A: how can we view report changes over time?
- Live Q&A: is there a way to expedite the build-time when using Trivy?
- Live Q&A: can Trivy export to a compatible SonarQube format?
- Live Q&A: is there a plan to expand Trivy's capabilities to running containers?
- A look at next week's Tech Talk
Taught by
Mirantis