DockerCon 2021: An Ounce of Prevention: Curing Insecure Container Images

Transcript

1. An Ounce of Prevention: Curing Insecure Container Images

2. Eric Smalling Speakers Sr. Developer Advocate, Snyk @ericsmalling Seyfat Khamidov

   Engineer, Red Ventures @skhamidov1

3. • Avoiding Insecure Docker Images • Shift left: DevSecOps w/

   Docker tools • Scaling with an image pipeline Agenda

4. Container Security at Scale Security testing automation drives a culture

   of security and empowers DevSecOps. 2x Adoption Automation empowers shift-left security Companies who automate are twice as likely to implement security testing 60% Production deployments in containers Containers continue to be the dominant mechanism for cloud native application deployment. Source: Snyk 2021 State of Cloud Native Application Security Report 56% Misconfiguration or Unpatched Vulnerability Over half experienced a misconfiguration or known unpatched vulnerability incident involving their cloud native applications. Rapid Fixes Testing faster leads to fixing faster. Over 72% with high levels of automation reported average time to fix vuln’s: less than a week and 36% averaged one day or less.

5. How To Avoid Building Insecure Images • Minimal Base Images

   • Authenticity • Regular Image/Dependency Scans • Linting Tools (Hadolint) • Least Privilege Access • Updates

6. Docker Scan Allows you to identify vulnerabilities in your Docker

   images and provides you with recommendations on how to remediate them. Powered by the Snyk engine. • Shifting Security Left • Convenience • Confidence In Applications • Configurable Scans

7. Demo

8. Docker Hub/Desktop Docker integrated scanning empowers DevSecOps • DockerHub

9. Docker Hub/Desktop Docker integrated scanning empowers DevSecOps • DockerHub

10. Docker Hub/Desktop Docker integrated scanning empowers DevSecOps • DockerHub

11. Docker Hub/Desktop Docker integrated scanning empowers DevSecOps • DockerHub •

    Docker CLI scan ◦ Docker Desktop (Win/Mac)

12. Docker Hub/Desktop Docker integrated scanning empowers DevSecOps • DockerHub •

    Docker CLI scan ◦ Docker Desktop (Win/Mac) ◦ Docker-CE (Linux) NEW!

13. Docker Hub/Desktop Docker integrated scanning empowers DevSecOps • DockerHub •

    Docker CLI scan ◦ Docker Desktop (Win/Mac) ◦ Docker-CE (Linux) • DevSecOps NEW! Build Test Deploy DevOps

14. Docker Hub/Desktop Docker integrated scanning empowers DevSecOps • DockerHub •

    Docker CLI scan ◦ Docker Desktop (Win/Mac) ◦ Docker-CE (Linux) • DevSecOps NEW! Build Test Deploy DevOps

15. Docker Hub/Desktop Docker integrated scanning empowers DevSecOps • DockerHub •

    Docker CLI scan ◦ Docker Desktop (Win/Mac) ◦ Docker-CE (Linux) • DevSecOps NEW! Build Test Deploy DevOps Security

16. Docker Hub/Desktop Docker integrated scanning empowers DevSecOps • DockerHub •

    Docker CLI scan ◦ Docker Desktop (Win/Mac) ◦ Docker-CE (Linux) • DevSecOps NEW! Build Test Deploy DevSecOps

17. • Centralization • Recommended images • Updates ◦ Fix vulnerabilities

    as they are found ◦ Auto open PR’s to update images Secure Base Images Container Image Pipeline

18. Container Image Pipeline

19. • Leveraging the Snyk CLI for scans • Scanning 1300+

    images per day • Support for multiple container registries • Allows you to surface findings which drives remediation efforts Flare - Container Security At Scale Central Scanning Process

20. Flare - Container Security At Scale How It’s Built

21. • Create your free Snyk account to enable integrated Snyk

    security https://snyk.co/Snyksignupfree • Test drive the Snyk & Docker integration in this 10-minute Snyk & Docker lab https://snyk.co/SnykDockerworkshop2 • Snyk & Docker Resource Page https://snyk.co/udmC7 • Snyk Cloud Native App’ Security Report https://snyk.co/dc21-cnasreport Additional Resources

22. Thank You!

23. At vero eos et accusamus et iusto odio dignissimos ducimus

    qui blanditiis praesentium voluptatum deleniti atque corrupti. Headline here

24. Text Only Slides

25. Slide title / 2 line max. Secondary headline / 1

    line max. Delete if slide title is 2 lines. Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam, eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur.

26. Paragraph font Monserrat 18pt. Title font Monserrat bold 30pt Secondary

    headline font Monserrat 18pt

27. Section title. Sed ut perspiciatis unde omnis iste natus error

    sit voluptatem accusantium doloremque laudantium, totam rem aperiam. Section title. Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam. Title font Monserrat bold 30pt Secondary headline font Monserrat 18pt

28. Title font Monserrat bold 30pt Secondary headline font Monserrat 18pt

    Section title. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur. Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam. Section title. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur. Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam.

29. Section title. Nemo enim ipsam voluptatem quia voluptas sit aspernatur

    aut odit aut fugit, sed quia consequuntur. Sed ut perspiciatis unde omnis. Section title. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur. Sed ut perspiciatis unde omnis. Section title. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur. Sed ut perspiciatis unde omnis.

30. Side title Secondary headline 1,000+ Paragraph title bold 14pt Body

    copy open sans 14pt 1,000+ Paragraph title bold 14pt Body copy open sans 14pt 1,000+ Paragraph title bold 14pt Body copy open sans 14pt 1,000+ Paragraph title bold 14pt Body copy open sans 14pt

31. 1. Bullet One 2. Bullet Two 3. Bullet Three 4.

    Bullet Four 5. Bullet Five 6. Bullet Six Title font Monserrat bold 30pt Secondary headline font Monserrat 18pt

32. Title here Sed ut perspiciatis unde omnis iste natus error

    sit voluptatem accusantium doloremque laudantium, totam rem aperiam, eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae vitae dicta sunt explicabo. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur magni dolores eos qui ratione voluptatem sequi nesciunt. • Lorem ipsum • Lorem ipsum • Lorem ipsum • Lorem ipsum • Lorem ipsum • Lorem ipsum

33. Image & diagram Slides

34. Title font Monserrat bold 30pt Secondary headline font Monserrat 18pt

    Section title. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur. Sed ut perspiciatis unde omnis. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit.

35. Title font Monserrat bold 30pt Secondary headline font Monserrat 18pt

    Section title. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur. Sed ut perspiciatis unde omnis. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit.

36. Title font Monserrat bold 30pt

37. Title font Monserrat bold 30pt Secondary headline font Monserrat 18pt

38. Title here Sed ut perspiciatis unde omnis iste natus error

    sit voluptatem accusantium doloremque laudantium, totam rem aperiam, eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae vitae dicta sunt explicabo. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur magni dolores eos qui ratione voluptatem.

39. Title font Monserrat

40. Title font Monserrat bold 30pt Secondary headline font Monserrat 18pt

41. Screenshot Slides

42. Side title Secondary headline

43. Side title Secondary headline

44. None

45. Code block Slides

46. Title font Monserrat bold 30pt Secondary headline font Monserrat 18pt

    CODE EDITOR { “Lorem”: “ipsum”, “laudantium”: 42 }

47. Side title Secondary headline CODE EDITOR { “Lorem”: “ipsum”, “laudantium”:

    42 } Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium dolor laudantium, totam rem aperiam, eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae vitae.

48. Side title Secondary headline CODE EDITOR { “Lorem”: “ipsum”, “laudantium”:

    42 } Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium dolor laudantium, totam rem aperiam, eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae vitae.

49. PNG Material

50. None
51. None
52. None
53. None
54. None
55. None
56. None

57. Dockercon logos on dark

58. Docker Logos on dark

59. Docker Logos on white

60. Dockercon logos on white

61. Text styles Display Slide Title Section Title Body Paragraph Title

    Caption Small Body Small Paragraph Title Large Body LABEL

62. Color Palette Primary Color Palette Secondary Color Palette

63. Icons

64. Icons

65. Icons

66. Presentation Template

67. How to use sample slides. Take some time browsing through

    each section to review the slide template options. It may be easier to use the Grid view (found below the your slide navigator). Copy/Paste or Duplicate sample slides, then modify as needed to build your presentation.

68. The grid. In order to maintain visual consistency across slides

    keep content and objects aligned to the Presentation grid. To turn on guides click view > Guides > “Show Guides”

69. How to edit / replace placeholder images. Select the image

    you want to replace, then choose “Replace Image…” from the Google Slides top menu. To reposition and resize the placed image, double-click it. This should bring you into adjustment mode where you can move and resize both the cropping frame and the image itself.

70. Content best practices. • Avoid dense information it makes your

    slide is difficult to digest. • For higher impact, consider distributing key content across multiple slides. • Don’t over use icons. • Emphasize the most important words with bold or color • Keep it simple.