Container Image Security: What it is & How to Remediate Vulnerabilities | Mirantis Labs – Tech Talks

Container images are a primary attack surface for any service that handles user requests. Keeping them free of hard-coded configuration, embedded secrets and tokens, unnecessary logging, and vulnerable dependencies such as the Log4j (Log4Shell) flaw is critical.

In this talk, we’ll go over exactly what container image security is, how to identify where your containers may be vulnerable, and show you exactly how to install & use the tools necessary to protect your container environments.

0:00 – Introduction & agenda
4:34 – Understanding container image security
13:57 – Image security best practices
17:21 – Security vulnerabilities: what they are & how to identify them
20:02 – Scanning for security vulnerabilities: how to do it & what tools to leverage
32:25 – Live Q&A: how can a container running as root take control of the entire host?
34:39 – Live Q&A: how is Trivy different from Amazon’s ECR image scanner?
37:02 – Demo: installing Trivy, running samples & generating reports
44:57 – Live Q&A: can Trivy be integrated with Azure DevOps pipelines?
47:07 – Live Q&A: how does Trivy compare to Snyk?
48:09 – Live Q&A: where do we need to host Trivy to integrate with CI/CD pipelines?
49:08 – Live Q&A: is there a consolidated view for all images within a private registry?
50:32 – Live Q&A: how can we view report changes over time?
52:39 – Live Q&A: is there a way to expedite the build-time when using Trivy?
55:10 – Live Q&A: can Trivy export to a compatible SonarQube format?
56:07 – Live Q&A: is there a plan to expand Trivy’s capabilities to running containers?
57:54 – A look at next week’s Tech Talk
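The demo covers installing Trivy and generating reports, and the Q&A asks how Trivy fits into CI/CD pipelines and how report changes can be tracked over time. The following is an added example of that pipeline step, written for this page; it is not code from Mirantis or from the Trivy project. It assumes the shape of Trivy's `--format json` output (SchemaVersion 2: a top-level "Results" list whose entries carry a "Target" and a "Vulnerabilities" list of objects with VulnerabilityID, PkgName, InstalledVersion, FixedVersion and Severity), as produced by `trivy image --format json --output report.json <image>`. The two reports embedded in it are constructed for the example; the CVE-0000-000x identifiers are placeholders, not real advisories, and the image name and package versions are made up. The gate enforces the same policy as `trivy image --severity HIGH,CRITICAL --exit-code 1 --ignore-unfixed`, but keeps the full report for archiving, and the diff answers the "changes over time" question by comparing two scans of successive builds.

```python
"""CI gate and drift check over Trivy JSON reports (added example).

Assumes Trivy's `--format json` (SchemaVersion 2) layout: top-level "Results",
each with "Target" and a "Vulnerabilities" list. Sample reports below are
constructed; CVE-0000-000x are placeholder IDs, CVE-2021-44228 is Log4Shell.
"""
from typing import Dict, List, Set, Tuple

SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


def _vuln(vid, pkg, installed, fixed, severity):
    """One finding in Trivy's field naming (helper for the constructed data)."""
    return {"VulnerabilityID": vid, "PkgName": pkg, "InstalledVersion": installed,
            "FixedVersion": fixed, "Severity": severity}


# Constructed report for build 1.2.2: one fixable HIGH, one unfixed MEDIUM,
# and a CRITICAL in a bundled log4j-core jar.
SAMPLE_REPORT_OLD = {
    "SchemaVersion": 2,
    "ArtifactName": "myregistry/app:1.2.2",
    "Results": [
        {"Target": "myregistry/app:1.2.2 (alpine 3.14.2)", "Class": "os-pkgs",
         "Vulnerabilities": [
             _vuln("CVE-0000-0001", "openssl", "1.1.1k-r0", "1.1.1l-r0", "HIGH"),
             _vuln("CVE-0000-0002", "busybox", "1.33.1-r3", "", "MEDIUM"),
         ]},
        {"Target": "app/lib/log4j-core-2.14.1.jar", "Class": "lang-pkgs",
         "Vulnerabilities": [
             _vuln("CVE-2021-44228", "org.apache.logging.log4j:log4j-core",
                   "2.14.1", "2.15.0", "CRITICAL"),
         ]},
    ],
}

# Constructed report for build 1.2.3: openssl and log4j were upgraded, the
# unfixed busybox finding remains, and a new LOW finding appeared in zlib.
SAMPLE_REPORT_NEW = {
    "SchemaVersion": 2,
    "ArtifactName": "myregistry/app:1.2.3",
    "Results": [
        {"Target": "myregistry/app:1.2.3 (alpine 3.14.2)", "Class": "os-pkgs",
         "Vulnerabilities": [
             _vuln("CVE-0000-0002", "busybox", "1.33.1-r3", "", "MEDIUM"),
             _vuln("CVE-0000-0003", "zlib", "1.2.11-r3", "1.2.12-r0", "LOW"),
         ]},
        {"Target": "app/lib/log4j-core-2.17.1.jar", "Class": "lang-pkgs"},
    ],
}


def findings(report: dict) -> List[dict]:
    """Flatten every vulnerability, tagging each with its Target.

    A clean target may have no "Vulnerabilities" key at all, hence `or []`.
    """
    out = []
    for result in report.get("Results") or []:
        for v in result.get("Vulnerabilities") or []:
            out.append({**v, "Target": result.get("Target", "")})
    return out


def count_by_severity(report: dict) -> Dict[str, int]:
    """Severity histogram for a one-line build-log summary."""
    counts: Dict[str, int] = {}
    for v in findings(report):
        sev = v.get("Severity", "UNKNOWN")
        counts[sev] = counts.get(sev, 0) + 1
    return counts


def gate(report: dict, fail_on: str = "HIGH",
         ignore_unfixed: bool = True) -> Tuple[bool, List[dict]]:
    """Return (passed, blocking_findings) for the build decision.

    Unfixed findings are skipped when ignore_unfixed is set: they stay in the
    archived report, but a build cannot act on them, so they do not block.
    """
    threshold = SEVERITY_RANK[fail_on]
    blocking = []
    for v in findings(report):
        if ignore_unfixed and not v.get("FixedVersion"):
            continue
        if SEVERITY_RANK.get(v.get("Severity", "UNKNOWN"), 0) >= threshold:
            blocking.append(v)
    return (not blocking, blocking)


def _keyed(report: dict) -> Set[Tuple[str, str]]:
    """Identity of a finding across builds: (VulnerabilityID, PkgName)."""
    return {(v["VulnerabilityID"], v["PkgName"]) for v in findings(report)}


def diff_reports(old: dict, new: dict) -> Dict[str, Set[Tuple[str, str]]]:
    """What changed between two scans: fixed, newly introduced, carried over."""
    o, n = _keyed(old), _keyed(new)
    return {"fixed": o - n, "introduced": n - o, "unchanged": o & n}


if __name__ == "__main__":
    for label, rep in (("1.2.2", SAMPLE_REPORT_OLD), ("1.2.3", SAMPLE_REPORT_NEW)):
        passed, blocking = gate(rep)
        print(label, count_by_severity(rep), "PASS" if passed else "FAIL",
              [b["VulnerabilityID"] for b in blocking])
    print(diff_reports(SAMPLE_REPORT_OLD, SAMPLE_REPORT_NEW))
```

In a pipeline, replace the constructed dictionaries with `json.load()` of the file Trivy wrote, call `gate()` on it and exit non-zero when it fails, and store each build's report next to the image digest so `diff_reports()` can be run against the previous build's report. Keying findings on (VulnerabilityID, PkgName) rather than on the whole object means a version bump that does not close the advisory still shows as "unchanged", which is usually what a reviewer wants to see.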

Duration: 00:59:33
Publisher: Mirantis