Overview
Learn how to efficiently patch container image vulnerabilities through a technical conference talk that introduces Project Copacetic (Copa). Discover how this CNCF sandbox project addresses software supply chain security challenges by offering a streamlined approach to keeping container images patched. Explore Copa's integration with existing build infrastructure, its use of image scanners such as Trivy to identify vulnerable OS packages, and its ability to apply the fixes as a new patch layer on top of the existing image using BuildKit, so the image does not have to be rebuilt from scratch. Through a practical demonstration, understand how to integrate Copa into pipelines, extend scanner support beyond Trivy, and manage package updates, including for distroless images that ship no package manager. Master techniques to reduce patching turnaround time and complexity while gaining greater control over security maintenance timelines and resource use.
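The overview describes Copa consuming scanner output and, for scanners other than Trivy, a plugin that converts their reports into a format Copa understands. The following is an added example, not code from the talk or from the Copacetic project, of what such a conversion does: it walks a Trivy JSON report, keeps only OS-package findings that have a fixed version available (the only ones Copa can patch), and emits a manifest in the shape of Copa's `v1alpha1` update manifest. The Trivy field names (`Metadata.OS`, `Results[].Class`, `Vulnerabilities[].FixedVersion`) and the manifest layout are assumptions from the two tools' documented formats as I know them, and the sample report, its package name, versions and CVE identifiers are constructed placeholders, not real findings.

```python
"""Convert a Trivy JSON report into a Copa-style update manifest.

Added example. Assumed (not taken from the talk page): Trivy's JSON
layout with Metadata.OS / Metadata.ImageConfig / Results[].Vulnerabilities[]
and the v1alpha1 UpdateManifest layout that Copa scanner plugins emit.
"""
import json

# Constructed sample Trivy output. Package names, versions and CVE IDs are
# synthetic placeholders chosen to exercise the filtering, not real findings.
SAMPLE_TRIVY_REPORT = {
    "SchemaVersion": 2,
    "ArtifactName": "example.invalid/app:1.0",
    "Metadata": {
        "OS": {"Family": "debian", "Name": "12.5"},
        "ImageConfig": {"architecture": "amd64"},
    },
    "Results": [
        {
            "Target": "example.invalid/app:1.0 (debian 12.5)",
            "Class": "os-pkgs",
            "Type": "debian",
            "Vulnerabilities": [
                {   # fixable: Copa can upgrade this package
                    "VulnerabilityID": "CVE-0000-0001",
                    "PkgName": "libexample1",
                    "InstalledVersion": "1.0.0-1",
                    "FixedVersion": "1.0.0-2",
                },
                {   # second fixable finding against the same package
                    "VulnerabilityID": "CVE-0000-0002",
                    "PkgName": "libexample1",
                    "InstalledVersion": "1.0.0-1",
                    "FixedVersion": "1.0.0-3",
                },
                {   # no fix published: nothing for Copa to install, skipped
                    "VulnerabilityID": "CVE-0000-0003",
                    "PkgName": "libother0",
                    "InstalledVersion": "2.1-4",
                },
            ],
        },
        {   # application-level finding: not an OS package, skipped
            "Target": "app/requirements.txt",
            "Class": "lang-pkgs",
            "Type": "pip",
            "Vulnerabilities": [
                {
                    "VulnerabilityID": "CVE-0000-0004",
                    "PkgName": "examplelib",
                    "InstalledVersion": "3.0",
                    "FixedVersion": "3.1",
                }
            ],
        },
    ],
}


def fixable_os_updates(report):
    """Return one update entry per (package, vulnerability) that Copa can act on.

    Only OS-package results with a FixedVersion are kept; language packages
    and unfixed findings are dropped because a package-manager upgrade
    cannot address them.
    """
    updates, seen = [], set()
    for result in report.get("Results", []):
        if result.get("Class") != "os-pkgs":
            continue
        for vuln in result.get("Vulnerabilities", []):
            fixed = vuln.get("FixedVersion")
            if not fixed:
                continue
            key = (vuln["PkgName"], vuln["VulnerabilityID"])
            if key in seen:   # Trivy can list the same pair under several targets
                continue
            seen.add(key)
            updates.append({
                "name": vuln["PkgName"],
                "installedVersion": vuln["InstalledVersion"],
                "fixedVersion": fixed,
                "vulnerabilityID": vuln["VulnerabilityID"],
            })
    return updates


def to_update_manifest(report):
    """Build the v1alpha1-style manifest Copa's patch step consumes (assumed layout)."""
    os_meta = report["Metadata"]["OS"]
    arch = report["Metadata"].get("ImageConfig", {}).get("architecture", "amd64")
    return {
        "apiVersion": "v1alpha1",
        "metadata": {
            "os": {"type": os_meta["Family"], "version": os_meta["Name"]},
            "config": {"arch": arch},
        },
        "updates": fixable_os_updates(report),
    }


if __name__ == "__main__":
    print(json.dumps(to_update_manifest(SAMPLE_TRIVY_REPORT), indent=2))
```

Two points worth noting when writing a real plugin. First, the converter deliberately does not try to pick the "highest" fixed version when one package carries several CVEs: Debian, RPM and apk version ordering each have their own rules, and Copa resolves the final version inside the image with the distribution's own package tooling, so emitting every (package, CVE) pair and letting it decide is safer than a string comparison here. Second, the manifest is the same whether or not the image is distroless; what changes in that case is how Copa obtains the updated packages, which is the part the talk covers.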
Syllabus
Project Copacetic: Directly Patch Container Image Vulnerabilities - Ashna Mehrotra, Microsoft
Taught by
OpenSSF