7 min listen
Chainguard: Building Secure Container Images
FromDevOps and Docker Talk: Cloud Native Interviews and Tooling
Chainguard: Building Secure Container Images
FromDevOps and Docker Talk: Cloud Native Interviews and Tooling
ratings:
Length:
60 minutes
Released:
May 3, 2024
Format:
Podcast episode
Description
Bret and Nirmal are joined by Dan Lorenc from Chainguard to walk them through Chainguard's approach to building secure, minimal container images for popular open source software.They discuss why it is important to have secure and minimal container images. Dan explains how Chainguard helps remove the pain of CVEs, laggy software updates and patches and much more. Chainguard is now available also on Docker Hub.They spend the first part of the show talking about the week's big news: the XZ supply chain attack, and Dan was the best man to explain it. They also touch on CVEs, things you can do to reduce the attack surface, SLSA, and more during this jam-packed show.Be sure to check out the live recording of the complete show from April 4, 2024 on YouTube (Ep. 261).★Topics★Chainguard Website Vulnerability Management Certification course True Cost of Vulnerability Management Chainguard Images Chainguard on Docker Hub AnnouncementCreators & Guests
Cristi Cotovan - Editor
Beth Fisher - Producer
Bret Fisher - Host
Nirmal Mehta - Host
Dan Lorenc - Guest
(00:00) - Intro
(05:14) - Dan's Take on the XZ Hack
(14:59) - Chainguard Distro Creation
(21:21) - Chainguard in Docker Hub Announcement
(24:26) - Free Images vs Private Images
(26:27) - Zero CVE Approach
(28:33) - Ways to Reduce Attack Surfaces
(39:56) - Chainguard Academy
(41:08) - Real Time Antivirus Malware Scanner
(43:52) - Google Distro Lists Worth Using
(45:56) - Chainguard for Buildpacks
(46:20) - SLSA
(56:08) - What's Next for Chainguard?
(56:52) - Getting Started with Chainguard
You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com
Cristi Cotovan - Editor
Beth Fisher - Producer
Bret Fisher - Host
Nirmal Mehta - Host
Dan Lorenc - Guest
(00:00) - Intro
(05:14) - Dan's Take on the XZ Hack
(14:59) - Chainguard Distro Creation
(21:21) - Chainguard in Docker Hub Announcement
(24:26) - Free Images vs Private Images
(26:27) - Zero CVE Approach
(28:33) - Ways to Reduce Attack Surfaces
(39:56) - Chainguard Academy
(41:08) - Real Time Antivirus Malware Scanner
(43:52) - Google Distro Lists Worth Using
(45:56) - Chainguard for Buildpacks
(46:20) - SLSA
(56:08) - What's Next for Chainguard?
(56:52) - Getting Started with Chainguard
You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com
Released:
May 3, 2024
Format:
Podcast episode
Titles in the series (100)
Should You Move Postgres to Containers: In this episode, I answer the question: should you migrate your postgres servers into containers. by DevOps and Docker Talk: Cloud Native Interviews and Tooling