DevOps and Docker Talk: Cloud Native Interviews and Tooling

Chainguard: Building Secure Container Images

Listen Later

Bret and Nirmal are joined by Dan Lorenc from Chainguard to walk them through Chainguard's approach to building secure, minimal container images for popular open source software.

They discuss why it is important to have secure and minimal container images. Dan explains how Chainguard helps remove the pain of CVEs, laggy software updates and patches and much more. Chainguard is now available also on Docker Hub.

They spend the first part of the show talking about the week's big news: the XZ supply chain attack, and Dan was the best man to explain it. They also touch on CVEs, things you can do to reduce the attack surface, SLSA, and more during this jam-packed show.

There's a video version you can watch on YouTube

★Topics★
Chainguard Website
Vulnerability Management Certification course
True Cost of Vulnerability Management
Chainguard Images
Chainguard on Docker Hub Announcement

Creators & Guests

  • Cristi Cotovan - Editor
  • Beth Fisher - Producer
  • Bret Fisher - Host
  • Nirmal Mehta - Host
  • Dan Lorenc - Guest
    • (00:00) - Intro
  • (05:14) - Dan's Take on the XZ Hack
  • (14:59) - Chainguard Distro Creation
  • (21:21) - Chainguard in Docker Hub Announcement
  • (24:26) - Free Images vs Private Images
  • (26:27) - Zero CVE Approach
  • (28:33) - Ways to Reduce Attack Surfaces
  • (39:56) - Chainguard Academy
  • (41:08) - Real Time Antivirus Malware Scanner
  • (43:52) - Google Distro Lists Worth Using
  • (45:56) - Chainguard for Buildpacks
  • (46:20) - SLSA
  • (56:08) - What's Next for Chainguard?
  • (56:52) - Getting Started with Chainguard

    • You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news!

    Grab the best coupons for my Docker and Kubernetes courses.
    Join my cloud native DevOps community on Discord.
    Grab some merch at Bret's Loot Box
    Homepage bretfisher.com

    ...more
    View all episodesView all episodes
    Download on the App Store
    DevOps and Docker Talk: Cloud Native Interviews and ToolingBy Bret Fisher
    • 4.6
    • 4.6
    • 4.6
    • 4.6
    • 4.6

    4.6

    53 ratings

    More shows like DevOps and Docker Talk: Cloud Native Interviews and Tooling

    View all
    Hanselminutes with Scott Hanselman by Scott Hanselman

    Hanselminutes with Scott Hanselman

    377 Listeners

    Software Engineering Radio - the podcast for professional software developers by se-radio@computer.org

    Software Engineering Radio - the podcast for professional software developers

    266 Listeners

    The Changelog: Software Development, Open Source by Changelog Media

    The Changelog: Software Development, Open Source

    285 Listeners

    The Cloudcast by Massive Studios

    The Cloudcast

    153 Listeners

    Thoughtworks Technology Podcast by Thoughtworks

    Thoughtworks Technology Podcast

    41 Listeners

    Talk Python To Me by Michael Kennedy

    Talk Python To Me

    586 Listeners

    Software Engineering Daily by Software Engineering Daily

    Software Engineering Daily

    629 Listeners

    AWS Podcast by Amazon Web Services

    AWS Podcast

    200 Listeners

    Data Engineering Podcast by Tobias Macey

    Data Engineering Podcast

    140 Listeners

    Syntax - Tasty Web Development Treats by Wes Bos & Scott Tolinski - Full Stack JavaScript Web Developers

    Syntax - Tasty Web Development Treats

    990 Listeners

    Kubernetes Podcast from Google by Abdel Sghiouar, Kaslin Fields

    Kubernetes Podcast from Google

    180 Listeners

    Self-Hosted by Jupiter Broadcasting

    Self-Hosted

    135 Listeners

    The Stack Overflow Podcast by The Stack Overflow Podcast

    The Stack Overflow Podcast

    63 Listeners

    The Real Python Podcast by Real Python

    The Real Python Podcast

    137 Listeners

    2.5 Admins by The Late Night Linux Family

    2.5 Admins

    89 Listeners