Why should developers care about container security?

Container scanning tools, industry publications, and application security experts are constantly telling us about best practices for how to build our images and run our containers. Often these non-functional requirements seem abstract and are not described well enough for those of us who don't have an appsec background to fully understand why they are important.

Sr. Developer Advocate and Docker Captain @ericsmalling goes over several of the most common practices, shows examples of how your workloads can be exploited if they are not followed and, most importantly, how to easily find and fix issues when building containers BEFORE you ship them. Additionally, he discusses tactics to minimize exploit exposure by hardening runtime container and Kubernetes configurations.

Links mentioned in the video:
- Security Context blog: https://snyk.co/k8s-securitycontext
- Network Policy recipes: https://github.com/ahmetb/kubernetes-network-policy-recipes
- Ko Build tool: https://ko.build
- Jib Build tool: https://github.com/GoogleContainerTools/jib

Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for containers, IaC templates, application dependencies, and code for platforms like npm, Maven, NuGet, RubyGems, PyPI and more. Learn more about Snyk: http://bit.ly/snyk-io

TOC:
0:00 - Introduction
0:14 - Container challenges for devs
3:13 - Container exploit demo
9:46 - Catching vulnerable images with Snyk Container
15:56 - Snyk SCM integration and auto fix PRs
17:25 - Defense in depth for mitigating zero-days
18:29 - Hardening container images
21:40 - Runtime configuration
24:53 - Kubernetes
29:02 - Key takeaways
30:41 - Wrapup

📱Social Media📱
Twitter: https://twitter.com/snyksec
Facebook: https://www.facebook.com/snyksec
LinkedIn: https://www.linkedin.com/company/snyk
Website: https://snyk.io/