Kubernetes Container Image Security: Best Practices to Limit Critical Vulnerabilities

Register now for next week's talk: https://labs.mirantis.com/events/details/mirantis-developer-community-tech-talks-presents-authentication-and-authorization-in-kubernetes/
View Tech Talk calendar: https://labs.mirantis.com/events/#/calendar

Containers are the primary attack surface for user requests. Keeping them free from threats such as hard-coded info, secrets & tokens, unnecessary logging, and/or Log4j vulnerabilities is critical. In this talk, we'll go over exactly what container image security is, how to identify where your containers may be vulnerable, and show you exactly how to install & use the tools necessary to protect your container environments.

If you are interested in more Tech Talks from the Mirantis Labs team, episodes premiere live every other Tuesday. Register for our next talk here: https://www.mirantis.com/labs/

#kubernetes #k8s #containers #cloudsecurity

CHAPTERS
0:00 - Introduction & agenda
4:34 - Understanding container image security
13:57 - Image security best practices
17:21 - Security vulnerabilities: what they are & how to identify them
20:02 - Scanning for security vulnerabilities: how to do it & what tools to leverage
32:25 - Live Q&A: how can a root privilege container user gain control over the entire host?
34:39 - Live Q&A: how is Trivy different from Amazon's ECR image scanner?
37:02 - Demo: installing Trivy, running samples & generating reports
44:57 - Live Q&A: can Trivy be integrated with Azure DevOps pipelines?
47:07 - Live Q&A: how does Trivy compare to Snyk?
48:09 - Live Q&A: where do we need to host Trivy to integrate with CI/CD pipelines?
49:08 - Live Q&A: is there a consolidated view for all images within a private registry?
50:32 - Live Q&A: how can we view report changes over time?
52:39 - Live Q&A: is there a way to expedite the build time when using Trivy?
55:10 - Live Q&A: can Trivy export to a compatible SonarQube format?
56:07 - Live Q&A: is there a plan to expand Trivy's capabilities to running containers?
57:54 - A look at next week's Tech Talk