Sign up to save your podcasts
Or
Share The Cloudcast #343 - Container Vulnerability Scanning
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
The Cloudcast #343 - Container Vulnerability Scanning
Aaron and Tyler Britten talk with Liz Rice (@lizrice, Technology Evangelist @AquaSecTeam) about what's easy—and what's not—about finding and patching security vulnerabilities in containers. This is a cross-over show with @PodCTL podcast.
Show Links:
Show Notes
Show Links:
- Liz’s talk at Velocity Conf - “What’s so hard about container vulnerability scanning?”
- Use code "CLOUD" to get 20% off Velocity and OSCON Conference Passes
- Aqua Security Homepage
- Liz Rice’s Blog
- [Video] Kubernetes, Metadata and You (KubeCon 2017 Austin)
- [PODCAST] @PodCTL - Containers | Kubernetes | OpenShift - RSS Feed, iTunes, Google Play, Stitcher, TuneIn and all your favorite podcast players
- [A CLOUD GURU] Get The Cloudcast Alexa Skill
- [A CLOUD GURU] A Cloud Guru Membership - Start your free trial. Unlimited access to the best cloud training and new series to keep you up-to-date on all things AWS.
- [A CLOUD GURU] FREE access to AWS Certification Exam Prep Guide - At A Cloud Guru, the #1 question received from students is "I want to pass the AWS cert exam, so where do I start?" This course is your answer.
- [FREE] eBook from O'Reilly
Show Notes
- Topic 1 - Welcome to the show Liz. Tell us a little bit about your background and the types of things that you’re working on these days.
- Topic 2 - Let’s start with the basics. A container is defined by a file (e.g. Dockerfile) that the user/developer/operator defines. How can a vulnerability get into that file?
- Topic 3 - Is it up to the CI/CD system or host OS (where the container runs) or container orchestrator (e.g. Kubernetes) or container registry to figure out if a vulnerability exists?
- Topic 4 - How do most container registries today manage vulnerability lists, container scanning and potential mitigations? What are the difficult parts of those tasks?
- Topic 5 - Most containers today are Linux containers. Are you seeing anything happening (yet) around how to manage Windows containers vulnerabilities? Is the assumption that Microsoft will fix this through one of their existing tools, or are things happening in the open source community as well?
- Email: show at thecloudcast dot net
- Twitter: @thecloudcastnet and @ServerlessCast
View all episodes
By Massive Studios
4.6
147147 ratings
Aaron and Tyler Britten talk with Liz Rice (@lizrice, Technology Evangelist @AquaSecTeam) about what's easy—and what's not—about finding and patching security vulnerabilities in containers. This is a cross-over show with @PodCTL podcast.
Show Links:
Show Notes
Show Links:
- Liz’s talk at Velocity Conf - “What’s so hard about container vulnerability scanning?”
- Use code "CLOUD" to get 20% off Velocity and OSCON Conference Passes
- Aqua Security Homepage
- Liz Rice’s Blog
- [Video] Kubernetes, Metadata and You (KubeCon 2017 Austin)
- [PODCAST] @PodCTL - Containers | Kubernetes | OpenShift - RSS Feed, iTunes, Google Play, Stitcher, TuneIn and all your favorite podcast players
- [A CLOUD GURU] Get The Cloudcast Alexa Skill
- [A CLOUD GURU] A Cloud Guru Membership - Start your free trial. Unlimited access to the best cloud training and new series to keep you up-to-date on all things AWS.
- [A CLOUD GURU] FREE access to AWS Certification Exam Prep Guide - At A Cloud Guru, the #1 question received from students is "I want to pass the AWS cert exam, so where do I start?" This course is your answer.
- [FREE] eBook from O'Reilly
Show Notes
- Topic 1 - Welcome to the show Liz. Tell us a little bit about your background and the types of things that you’re working on these days.
- Topic 2 - Let’s start with the basics. A container is defined by a file (e.g. Dockerfile) that the user/developer/operator defines. How can a vulnerability get into that file?
- Topic 3 - Is it up to the CI/CD system or host OS (where the container runs) or container orchestrator (e.g. Kubernetes) or container registry to figure out if a vulnerability exists?
- Topic 4 - How do most container registries today manage vulnerability lists, container scanning and potential mitigations? What are the difficult parts of those tasks?
- Topic 5 - Most containers today are Linux containers. Are you seeing anything happening (yet) around how to manage Windows containers vulnerabilities? Is the assumption that Microsoft will fix this through one of their existing tools, or are things happening in the open source community as well?
- Email: show at thecloudcast dot net
- Twitter: @thecloudcastnet and @ServerlessCast
More shows like The Cloudcast
View all
Hanselminutes with Scott Hanselman
377 Listeners
Software Engineering Radio - the podcast for professional software developers
272 Listeners
The Changelog: Software Development, Open Source
283 Listeners
a16z Podcast
1,030 Listeners
Thoughtworks Technology Podcast
40 Listeners
Talk Python To Me
593 Listeners
Software Engineering Daily
623 Listeners
AWS Podcast
202 Listeners
Gartner ThinkCast
110 Listeners
DataFramed
267 Listeners
Kubernetes Podcast from Google
181 Listeners
Practical AI
190 Listeners
The Stack Overflow Podcast
63 Listeners
The Real Python Podcast
140 Listeners
The Pragmatic Engineer
52 Listeners