Unpacking Open Source Security in Public Repos & Registries

The container ecosystem has exploded in the decade since it’s been introduced, with containers becoming the backbone for the way we package, deploy, orchestrate, schedule & operate our production applications. It’s no surprise then, that so many public facing resources have popped up over the years, both complementary open source projects & public registries that aggregate commonly used container images. In this talk we will unveil data from first of its kind research conducted by scanning the most popular and widely adopted open source projects––from Grafana to Prometheus, Lens, Helm, ArgoCD to public registries from which we pull our base images–DockerHub, Quay, to GCR, & ECR. We will share how these public-facing resources leveraged by practically all developers stack up security-wise.



Craig Box

VP of Open Source and Community at ARMO Craig Box is VP of Open Source and Community at ARMO, the enterprise company that created the CNCF Kubernetes security platform Kubescape. Prior to this role, ...