Overview
Discover how to effectively manage vulnerability noise and prioritize security risks in this 24-minute conference talk from DockerCon 2023. Learn about the challenges of shift-left security and how runtime insights can provide a clearer picture of actual risks. Explore techniques for filtering vulnerabilities based on usage and exploitability, potentially reducing noise by up to 95%. Gain knowledge on analyzing Docker images, generating software bills of materials (SBOMs), and correlating image inventories with vulnerability databases to identify common vulnerabilities and exposures (CVEs). Understand how tools like Sysdig Secure and Docker Scout can be used together to improve container security from source to runtime by prioritizing issues using runtime context. Dive into practical strategies for successful vulnerability management and supply chain security that help teams focus on the most critical issues affecting their organizations.
Syllabus
Cut Through Vulnerability Noise with Runtime Insights (DockerCon 2023)
Taught by
Docker