In this 2.5-hour use-case driven training session we’ll cover the most important container
security techniques: (best practices, platform features, image scanning, run-time security
and forensics) with Docker, Kubernetes and other 3rd party open source tools (Anchore,
Falco and Sysdig Inspect).
- Container security best practices: Learn what are the security best practices
building your containers: privileges, resource limits, Dockerfile options,
rebuild process, etc.
- Kubernetes platform security features: Host security configuration, Kubernetes RBAC,
Kubernetes Security Policy, Kubernetes Network Policy and other Admission Controllers, etc.
- Image scanning: How image static scanning works in Docker, available tools like
Quay and Anchore, integrating this in your CI/CD pipeline.
- Runtime security and forensics: Why runtime security is important? How tools like
seccomp, SELinux, AppArmor or Falco compare. Writing Falco rules. Forensics on containers.
- Deploying all the open source tools for a real example: Bringing together all the
tools like docker-bench, kube-bench, Kubernetes features, Anchore, Falco, sysdig and
Sysdig Inspect.Using FaaS for reacting to security threats in a containerized world.