Unpacking Open Source Security in Public Repos & Registries

The container ecosystem has exploded in the decade since it’s been introduced, with containers becoming the backbone for the way we package, deploy, orchestrate, schedule & operate our production applications. It’s no surprise then, that so many public facing resources have popped up over the years, both complementary open source projects & public registries that aggregate commonly used container images. In this talk we will unveil data from first of its kind research conducted by scanning the most popular and widely adopted open source projects––from Grafana to Prometheus, Lens, Helm, ArgoCD to public registries from which we pull our base images–DockerHub, Quay, to GCR, & ECR. We will share how these public-facing resources leveraged by practically all developers stack up security-wise.



Ben Hirschberg

Ben is a veteran cybersecurity and DevOps professional, as well as computer science lecturer. Today, he is the co-founder at ARMO, with a vision of making end-to-end Kubernetes security simple for ...