Digging Into Container Image Layers for Sneaky Vulnerabilities
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Explore techniques for identifying and mitigating vulnerabilities in container images, with a focus on complex edge cases. Learn how to use vulnerability scanning tools like Aqua's Trivy and layer explorer tools such as wagoodman's dive to analyze Java-based container images. Discover methods for narrowing down the search field when addressing critical vulnerabilities, even when traditional dependency management tools like Maven provide conflicting information. Through hands-on examples, gain practical skills in investigating and resolving security issues within popular container images, including those generated for Spring Boot applications.
Syllabus
Digging Into Your App's Container Image Layers for Sneaky Vulnerabilities - Pablo Galego, VMware
Taught by
CNCF [Cloud Native Computing Foundation]