Build Systems that Drive Business
June 11–12, 2018: Training
June 12–14, 2018: Tutorials & Conference
San Jose, CA

What's so hard about container vulnerability scanning?

Liz Rice (Aqua Security)
1:15pm–1:55pm Thursday, June 14, 2018
Containers, Continuous Delivery
Location: LL21 E/F Level: Intermediate
Secondary topics: Resilient, Performant & Secure Distributed Systems
Average rating: ****.
(4.33, 3 ratings)

Prerequisite knowledge

  • A basic understanding of containers and container images and installing Linux packages with tools like apt-get or yum

What you'll learn

  • Learn what's easy—and what's not—about finding and patching security vulnerabilities in containers


When a vulnerability, like the recent Meltdown, gets disclosed, the race is on to patch your code, and in a containerized deployment, you may have many thousands of instances that need updating. Typically, you’ll be using an image scanner to identify affected containers. Liz Rice dives into what image scanners really do, how they work, and why identifying vulnerabilities is a harder problem than you might at first imagine. Along the way, you’ll learn why your Linux distribution matters for vulnerability detection and discover the difference between detecting vulnerabilities and malware. You’ll also see examples of false positives and how they get generated to learn what you can do about them.

If you have ever wondered how image scanners work, or if you’re concerned about keeping your containerized deployment up to date with the latest patches, this talk is for you.

Photo of Liz Rice

Liz Rice

Aqua Security

Liz Rice is the technology evangelist at container security specialists Aqua Security and coauthor of the O’Reilly report Kubernetes Security. She has a wealth of software development, team, and product management experience from her years spent working on network protocols and distributed systems and in digital technology sectors such as video on demand (VOD), music, and voice over internet protocol (VoIP). When not building startups and writing code, Liz loves riding bikes in places with better weather than her native London or racing in virtual reality on Zwift.