Michael Wager
IT Security Consultant with 10+ years of experience in software engineering. In love with all things JavaScript, since 2009.
More info at mwager.de/about
Session
Container security issues are an ongoing topic in organizations. Containers often remain a “black box” and vulnerabilities can often not easily be resolved by simply updating base images. Security scanners typically do detect a lot of findings in a container and even for critical issues updates are not always readily available which creates lot of effort for security and development teams. We explore different options and best practices to reduce the attack surface in your containers and will take you down the full path of removing all unnecessary components to go fully distroless. We explore whether the concept of "distroless" is the solution to your security nightmares, what are expectations, challenges and potential disappointments.