So. Many. Vulnerabilities. Why are containers such a mess and what to do about it.

If you’ve even run a vulnerability scan on a container you’ve probably seen it: the dreaded list with 100s, maybe even 1000s of issues on it. Containers have made life simpler in so many ways, but security sometimes doesn’t feel like one of them. So what can we do about it?

In this talk I’ll share what I’ve learned working with users and companies and the best practices I’ve picked up along the way to builds safer container images. I’ll also share what not to do, because there are many rabbit holes you can go down that end up wasting time and energy.

I’ll share the processes and patterns that you can use whether you’re working on an individual project, or you’re part of a bigger team embracing DevSecOps.



Jim Armstrong

I started my career doing traditional IT security at McAfee, in the days when servers where physical and you still had to screw in network plugs to the back of your computer. As virtual machines took ...