Explore the concept of scratch containers and their impact on supply chain security in this 49-minute OWASP Foundation talk by Naveen S, Senior Security Engineer at Freshworks. Delve into the structure of containerized applications, examining the layers that typically include the OS, system libraries, and application dependencies. Learn about the benefits of using scratch containers to reduce image size and attack surface by running statically built binaries without an OS layer. Analyze the potential security implications of this approach, including the challenges in generating a comprehensive Bill of Materials (BOM) and performing effective Software Composition Analysis (SCA). Consider the trade-offs between reducing vulnerabilities and maintaining visibility into component dependencies. Gain insights into the advantages, common security caveats, and potential pitfalls associated with scratch containers, and evaluate their effectiveness in addressing supply chain concerns in the context of OWASP's top 10 web application security risks.
Scratch Containers and the Supply Chain Trouble
Overview
Syllabus
Scratch containers and the supply chain trouble - Naveen S
Taught by
OWASP Foundation
Related Courses
-
OWASP Top 10 for Docker Containers and Kubernetes Security
-
Software Supply Chain Aspects in Infrastructure as Code and How to Secure It
-
In-Toto: Protecting Software Supply Chain in Cloud Native and Confidential Containers
-
A Different Kind of S3 - First Line Security of the Supply Chain
-
Software Supply Chain Aspects in Infrastructure as Code
-
Enhancing Software Supply Chain Security: Approaches to Software Composition Analysis
