The DevSecOps Talks Podcast

DEVSECOPS Talks #17-2020 - Best Practices for Building Docker Images

Listen Later

This is the first episode in the new format - 30 minutes short and crisp episodes, i.e., less water and side discussions, focusing on the topic, duration under (well, almost under) 30 minutes. We hope you like it!

 

The topic of this episode is building docker images - automation, security, best practices.

 

In this episode, we discuss:

  • Saving money with T3a family
  • Building Docker images locally and in CI
  • Setting up deamonless Docker builds for CI and k8s
  • Using multistage builds to keep your images nice and clean as well as encapsulate the build environment and make it portable
  • Passing secrets to Docker build and inspecting image layers for secrets (ssh-agent and many more)
  • Keeping Docker images updated with dependencies and updates
  • Scanning Docker images for vulnerabilities
  • Docker image layers caching - doing it right
  • DockerHub is to delete old images stored for free, and GitHub is ready to host them for you
  • Docker image naming so you can find all you need to debug quickly

    •  

    In some of the information overlaps with episode #3 but greatly extends information provided before https://devsecops.fm/episodes/docker-secure-build/

     

    Visit https://devsecops.fm to see show notes and https://gitter.im/devsecopstalks/community to join a discussion

    ...more
    View all episodesView all episodes
    Download on the App Store
    The DevSecOps Talks PodcastBy Mattias Hemmingsson, Julien Bisconti and Andrey Devyatkin
    • 4
    • 4
    • 4
    • 4
    • 4

    4

    3 ratings

    More shows like The DevSecOps Talks Podcast

    View all
    Security Now (Audio) by TWiT

    Security Now (Audio)

    1,976 Listeners

    Hanselminutes with Scott Hanselman by Scott Hanselman

    Hanselminutes with Scott Hanselman

    377 Listeners

    SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

    SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

    626 Listeners

    The Changelog: Software Development, Open Source by Changelog Media

    The Changelog: Software Development, Open Source

    284 Listeners

    The Cloudcast by Massive Studios

    The Cloudcast

    152 Listeners

    The New Stack Podcast by The New Stack

    The New Stack Podcast

    32 Listeners

    Software Engineering Daily by Software Engineering Daily

    Software Engineering Daily

    621 Listeners

    AWS Podcast by Amazon Web Services

    AWS Podcast

    201 Listeners

    The Secure Developer by Snyk

    The Secure Developer

    22 Listeners

    Data Engineering Podcast by Tobias Macey

    Data Engineering Podcast

    140 Listeners

    Kubernetes Podcast from Google by Abdel Sghiouar, Kaslin Fields

    Kubernetes Podcast from Google

    181 Listeners

    Cloud Security Podcast by Cloud Security Podcast Team

    Cloud Security Podcast

    58 Listeners

    The Real Python Podcast by Real Python

    The Real Python Podcast

    139 Listeners

    All-In with Chamath, Jason, Sacks & Friedberg by All-In Podcast, LLC

    All-In with Chamath, Jason, Sacks & Friedberg

    9,170 Listeners

    Relating to DevSecOps by Ken Toler and Mike McCabe

    Relating to DevSecOps

    8 Listeners