Thursday, October 22 • 20:10 - 20:40
Patterns for secure container base image management

Lots of organisations maintain a set of internal container base images. This allows for some centralisation of decision making (which base operating system should we use? What language runtimes do we support?) and provides a single place where security hardening and low-level patches can be applied.

But how do you ensure development teams are using the up-to-date base image? And from the development team's perspective, how can we make using the central base images a better developer experience?

In this talk we will:

  • Look at a few patterns for better base image management
  • Discuss the pros and cons involved in having central base images for your organisation, in particular around communicating change and determining ownership of issues
  • Talk about the role build files like Dockerfile play in helping manage usage of base images
  • Show a few demos of tools, including Snyk, Open Policy Agent and GitHub Actions, that can help you securely manage your base images

All attendees should come away from the session with some practical ideas they can put into practice straight away, whether they already have a central base image programme or not.

For teams responsible for managing a set of base images for an organisation we’ll talk about:
  • The problems you might be trying to solve by having your own base images, like being able to triage issues once and reduce operational complexity
  • Why development teams might not buy in and what to do about it

For development teams building applications we’ll look at:
  • Why having someone else managing base images for you can be a good thing
  • Ways of making the security boundaries between teams clearer

And for security teams responsible for assuring the final images and the process around building them we’ll discuss:
  • How you can measure this effort across lots of teams and lots of images
  • How to engage development teams in the process

Gareth Rushgrove

Director of Product, Cloud Native, Snyk
Director of Product Management at Snyk. Developer, designer, occasional sysadmin. Infrastructure and open source geek. Curator of Devops Weekly.

Thursday October 22, 2020 20:10 - 20:40 BST
Product Track