Secure Container Images with Chainguard's Tooling: Melange, Apko & Wolfi • Matt Turner • GOTO 2023

This presentation was recorded at GOTO Amsterdam 2023. #GOTOcon #GOTOams https://gotoams.nl Matt Turner - DevOps Leader and Software Engineer at Tetrate @mt165 ORIGINAL TALK TITLE Building Secure & Auditable Container Images Using Chainguard's Tooling: Melange, Apko & Wolfi RESOURCES https://mt165.co.uk https://twitter.com/mt165 https://linkedin.com/in/mt165 https://github.com/mt-inside ABSTRACT Using minimal container images with known, auditable contents (the much-hyped SBOM) is a critical part of taking control of your supply-chain security. These images are smaller, more up-to-date, and more secure. You might have started down this path by using multi-stage builds and scratch or distroless base images. Recently, Chainguard has released a set of tooling that takes this to the next level. In this practical session, Matt will walk you through using these tools, showing you how to make small, minimal images, along with SBOMs for their entire contents. He will show how to publish these images, and submit their build attestations to an immutable public audit log. As a bonus, he'll also show how to manage ca-certs in container images, keeping them up-to-date and avoiding the dodgy ones which show up with surprising regularity. [...] TIMECODES 00:00 Intro 01:00 Container images 14:13 How do you build container images? 20:33 Apko - Custom distroless 32:19 Demo 48:27 Outro Read the full abstract here: https://gotoams.nl/2023/sessions/2489 RECOMMENDED BOOKS Adrian Mouat • Using Docker • https://amzn.to/3PEYIJL Burns, Beda & Hightower • Kubernetes: Up & Running • https://amzn.to/3sueuuI Burns, Villalba, Strebel & Evenson • Kubernetes Best Practices • https://amzn.to/3gBXRsr Liz Rice • Container Security • https://amzn.to/3oU4iJe https://twitter.com/GOTOcon https://www.linkedin.com/company/goto- https://www.instagram.com/goto_con https://www.facebook.com/GOTOConferences #Wolfi #Chainguard #Melange #Apko #SBOM #ContainerImages #Containers #Kubernetes #CloudNative #Programming #SoftwareEngineering #MattTurner CHANNEL MEMBERSHIP BONUS Join this channel to get early access to videos & other perks: https://www.youtube.com/channel/UCs_tLP3AiwYKwdUHpltJPuA/join Looking for a unique learning experience? Attend the next GOTO conference near you! Get your ticket at https://gotopia.tech Sign up for updates and specials at https://gotopia.tech/newsletter SUBSCRIBE TO OUR CHANNEL - new videos posted almost daily. https://www.youtube.com/user/GotoConferences/?sub_confirmation=1