When a vulnerability, like the recent Meltdown, gets disclosed, the race is on to patch your code, and in a containerized deployment, you may have many thousands of instances that need updating. Typically, you’ll be using an image scanner to identify affected containers. Liz Rice dives into what image scanners really do, how they work, and why identifying vulnerabilities is a harder problem than you might at first imagine. Along the way, you’ll learn why your Linux distribution matters for vulnerability detection and discover the difference between detecting vulnerabilities and malware. You’ll also see examples of false positives and how they get generated to learn what you can do about them.
If you have ever wondered how image scanners work, or if you’re concerned about keeping your containerized deployment up to date with the latest patches, this talk is for you.
Liz Rice is the technology evangelist at container security specialists Aqua Security and coauthor of the O’Reilly report Kubernetes Security. She has a wealth of software development, team, and product management experience from her years spent working on network protocols and distributed systems and in digital technology sectors such as video on demand (VOD), music, and voice over internet protocol (VoIP). When not building startups and writing code, Liz loves riding bikes in places with better weather than her native London or racing in virtual reality on Zwift.
©2018, O'Reilly Media, Inc. • (800) 889-8969 or (707) 827-7019 • Monday-Friday 7:30am-5pm PT • All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners. • firstname.lastname@example.org