So. Many. Vulnerabilities. Why are containers such a mess and what to do about it.

What’s with all of these container image vulnerabilities? I’m a developer, not a security analyst! Whether you’re a solo dev or a large team embracing DevSecOps, join me to learn practices I’ve seen successful teams using to build safer container images & avoid the mistakes they made along the way.

If you’ve even run a vulnerability scan on a container you’ve probably seen it: the dreaded list with 100s, maybe even 1000s of issues on it. Containers have made life simpler in so many ways, but security sometimes doesn’t feel like one of them. So what can we do about it?

In this talk, I’ll share what I’ve learned working with users and companies and the best practices I’ve picked up along the way to builds safer container images. I’ll also share what not to do, because there are many rabbit holes you can go down that end up wasting time and energy.

I’ll share the processes and patterns that you can use whether you’re working on an individual project, or you’re part of a bigger team embracing DevSecOps.



Eric Smalling


Senior Developer Advocate at Snyk

Eric has over 25 years of professional experience in enterprise software development and architecture and has been practicing DevOps concepts since long before the