Choosing & Building Better Images
As larger enterprise and more highly regulated industries want to join in the container revolution they are often times thwarted early in the process by their security and compliance teams finding numerous issues with the existing container images published. Faced with having to completely rebuild these images in order to use them in their regulated spaces many teams just walk away due to lack of resources to complete this task. As an industry and community we need to be striving to build better images. Many of the strategies available represent minimal changes to existing workflows that result in smaller images that are operationally more efficient and ultimately represent less risk for the deployers.
In our session we will examine the common pitfalls present in a lot of published images and provide both general guidance on why this is problematics as it relates to the world of compliance standards as well as some techniques to address them. While the presentation will use Docker and Dockerfile as examples, none of the content is run-time specific per se and many tools can be used to achieve similar results. The goal of the presentation is to present a new way of thinking about how to build images such that its easier for regulated industries to adopt these new technologies.
Topics Covered:
- Definition of a good container
- How-to Evaluate an existing image
- Building better images via multi-stage builds
- Update Strategies & Frequency
- Language Runtimes
- Scanning for vulnerabilities