Distroless containers revolutionised container design, yet they come with their own unique set of challenges —specifically hidden vulnerabilities.
Rezilion Research's 2023 report "Hiding in Plain Sight: Hidden Vulnerabilities in Popular Open Source Containers" uncovered the presence of hundreds of docker container images containing vulnerabilities that are not detected by most standard vulnerability scanners and SCA tools.
This session will shed a light on the 'dark side' of the distroless approach, calling for comprehensive software transparency. We will discuss potential mitigation solutions, including the Software Bill of Materials (SBOM) and adding back the "distro" to distroless with build tools such as Chisel.
Chisel blends the best elements of both distro and distroless, crafting chiselled Ubuntu containers that are secure, stable, and ultra-small... while preserving a seamless development experience.
Session author's bio
Cristovao (aka Cris) is an Engineering Manager@Canonical, ex-CERN engineer, with 10+ years of experience in Cloud and Edge computing. With an MSc in Electrical and Computer Engineering, Cristovao started his career as a Computing Engineer, integrating Cloud Computing resources into the largest computing grid in the world, the WLCG. Throughout the years, Cristovao became more and more focused on containers and how to integrate them with the whole spectrum of computing, from the Cloud to the Edge. Nowadays, Cristovao is managing a team of container experts who are responsible for the building of stellar container images, including the beloved official Ubuntu container image.
|Level of Difficulty||Intermediate|