J-Fall 2019: Dieter Hubau – A wild CVE appears! Rebuild all the containers!

Who doesn’t love a good Dockerfile? They are powerful and offer an easy, developer-friendly solution to packaging your applications in a standardized format. Yet they can require a lot of knowledge to construct properly and securely. Securing and maintaining these images can be hard to enforce at scale in the enterprise.

Ask yourself: how long does it take to patch your application landscape, when a major vulnerability affects one of the layers of your container image(s)? Do you have an idea which base images are being used right now? Do you have an automated way of updating Operating System, base images or dependencies across your application landscape?

The ideal way to get your source code into a container would keep the convenience of a Dockerfile, and remove human intervention over the development lifecycle. It would work on Day 1 and Day 2. This is the thinking behind Pivotal Build Service.

Build Service is a declarative way to build an OCI-compatible container image from source code. Push your code to the Service, and it will instantly produce an OCI image suitable for any compatible runtime. It offers a simple, fast, secure and automated way of building production-grade containers, especially in a large enterprise environment with many teams across different technology stacks.

This talk will go over some of the difficulties that large Java developer teams are facing in the enterprise when packaging their cloud native applications as containers, and how Pivotal Build Service mitigates these. There will be time for slides, lots of demos and hopefully plenty of questions.

(Visited 54 times, 1 visits today)

You might be interested in