Building Images For The Secure Supply Chain

Security scans getting you down? Is the security team complaining about the CVE count in your images? Want to improve your SLSA level but don't know where to start? You're not alone - all organisations face these issues. This talk will walk through techniques and tooling that you can use today to address these concerns. In particular it will cover:

• how to reduce the CVE count in your images by minimising dependencies
• the importance of updating images and dependencies
• Using apko to build container images with SBOMs and complete reproducibility