GOTO Amsterdam 2023

Thursday Jun 29
10:20 –

Building Images for the Secure Supply Chain

Security scans getting you down? Users complaining they can't verify your images? Have no idea if your systems are vulnerable to the latest exploit? Want to improve your SLSA level but don't know where to start? You're not alone - all organisations face these issues. This talk will walk through techniques and tooling that you can use today to address these concerns. In particular it will cover:

  • The distroless philosophy; why minimal images can save you from scan report purgatory
  • The importance of updating images and dependencies
  • Using apko to build container images with SBOMs and complete reproducibility
  • Signing images with Sigstore

Tags: cloud native, supply chain