An Ounce of Prevention: Curing Insecure Container Images 

Eric Smalling Speakers Sr. Developer Advocate, Snyk @ericsmalling Seyfat Khamidov Engineer, Red Ventures @skhamidov1 

● Avoiding Insecure Docker Images ● Shift left: DevSecOps w/ Docker tools ● Scaling with an image pipeline Agenda 

Container Security at Scale Security testing automation drives a culture of security and empowers DevSecOps. 2x Adoption Automation empowers shift-left security Companies who automate are twice as likely to implement security testing 60% Production deployments in containers Containers continue to be the dominant mechanism for cloud native application deployment. Source: Snyk 2021 State of Cloud Native Application Security Report 56% Misconfiguration or Unpatched Vulnerability Over half experienced a misconfiguration or known unpatched vulnerability incident involving their cloud native applications. Rapid Fixes Testing faster leads to fixing faster. Over 72% with high levels of automation reported average time to fix vuln’s: less than a week and 36% averaged one day or less. 

How To Avoid Building Insecure Images ● Minimal Base Images ● Authenticity ● Regular Image/Dependency Scans ● Linting Tools (Hadolint) ● Least Privilege Access ● Updates 

Docker Scan Allows you to identify vulnerabilities in your Docker images and provides you with recommendations on how to remediate them. Powered by the Snyk engine. ● Shifting Security Left ● Convenience ● Confidence In Applications ● Configurable Scans 

Demo 

Docker Hub/Desktop Docker integrated scanning empowers DevSecOps ● DockerHub 

Docker Hub/Desktop Docker integrated scanning empowers DevSecOps ● DockerHub 

Docker Hub/Desktop Docker integrated scanning empowers DevSecOps ● DockerHub 

Docker Hub/Desktop Docker integrated scanning empowers DevSecOps ● DockerHub ● Docker CLI scan ○ Docker Desktop (Win/Mac) 

Docker Hub/Desktop Docker integrated scanning empowers DevSecOps ● DockerHub ● Docker CLI scan ○ Docker Desktop (Win/Mac) ○ Docker-CE (Linux) NEW! 

Docker Hub/Desktop Docker integrated scanning empowers DevSecOps ● DockerHub ● Docker CLI scan ○ Docker Desktop (Win/Mac) ○ Docker-CE (Linux) ● DevSecOps NEW! Build Test Deploy DevOps 

Docker Hub/Desktop Docker integrated scanning empowers DevSecOps ● DockerHub ● Docker CLI scan ○ Docker Desktop (Win/Mac) ○ Docker-CE (Linux) ● DevSecOps NEW! Build Test Deploy DevOps 

Docker Hub/Desktop Docker integrated scanning empowers DevSecOps ● DockerHub ● Docker CLI scan ○ Docker Desktop (Win/Mac) ○ Docker-CE (Linux) ● DevSecOps NEW! Build Test Deploy DevOps Security 

Docker Hub/Desktop Docker integrated scanning empowers DevSecOps ● DockerHub ● Docker CLI scan ○ Docker Desktop (Win/Mac) ○ Docker-CE (Linux) ● DevSecOps NEW! Build Test Deploy DevSecOps 

● Centralization ● Recommended images ● Updates ○ Fix vulnerabilities as they are found ○ Auto open PR’s to update images Secure Base Images Container Image Pipeline 

Container Image Pipeline 

● Leveraging the Snyk CLI for scans ● Scanning 1300+ images per day ● Support for multiple container registries ● Allows you to surface findings which drives remediation efforts Flare - Container Security At Scale Central Scanning Process 

Flare - Container Security At Scale How It’s Built 

● Create your free Snyk account to enable integrated Snyk security https://snyk.co/Snyksignupfree ● Test drive the Snyk & Docker integration in this 10-minute Snyk & Docker lab https://snyk.co/SnykDockerworkshop2 ● Snyk & Docker Resource Page https://snyk.co/udmC7 ● Snyk Cloud Native App’ Security Report https://snyk.co/dc21-cnasreport Additional Resources 

Thank You! 

At vero eos et accusamus et iusto odio dignissimos ducimus qui blanditiis praesentium voluptatum deleniti atque corrupti. Headline here 

Text Only Slides 

Slide title / 2 line max. Secondary headline / 1 line max. Delete if slide title is 2 lines. Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam, eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur. 

Paragraph font Monserrat 18pt. Title font Monserrat bold 30pt Secondary headline font Monserrat 18pt 

Section title. Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam. Section title. Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam. Title font Monserrat bold 30pt Secondary headline font Monserrat 18pt 

Title font Monserrat bold 30pt Secondary headline font Monserrat 18pt Section title. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur. Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam. Section title. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur. Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam. 

Section title. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur. Sed ut perspiciatis unde omnis. Section title. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur. Sed ut perspiciatis unde omnis. Section title. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur. Sed ut perspiciatis unde omnis. 

Side title Secondary headline 1,000+ Paragraph title bold 14pt Body copy open sans 14pt 1,000+ Paragraph title bold 14pt Body copy open sans 14pt 1,000+ Paragraph title bold 14pt Body copy open sans 14pt 1,000+ Paragraph title bold 14pt Body copy open sans 14pt 

1. Bullet One 2. Bullet Two 3. Bullet Three 4. Bullet Four 5. Bullet Five 6. Bullet Six Title font Monserrat bold 30pt Secondary headline font Monserrat 18pt 

Title here Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam, eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae vitae dicta sunt explicabo. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur magni dolores eos qui ratione voluptatem sequi nesciunt. ● Lorem ipsum ● Lorem ipsum ● Lorem ipsum ● Lorem ipsum ● Lorem ipsum ● Lorem ipsum 

Image & diagram Slides 

Title font Monserrat bold 30pt Secondary headline font Monserrat 18pt Section title. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur. Sed ut perspiciatis unde omnis. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit. 

Title font Monserrat bold 30pt Secondary headline font Monserrat 18pt Section title. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur. Sed ut perspiciatis unde omnis. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit. 

Title font Monserrat bold 30pt 

Title font Monserrat bold 30pt Secondary headline font Monserrat 18pt 

Title here Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam, eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae vitae dicta sunt explicabo. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur magni dolores eos qui ratione voluptatem. 

Title font Monserrat 

Title font Monserrat bold 30pt Secondary headline font Monserrat 18pt 

Screenshot Slides 

Side title Secondary headline 

Side title Secondary headline 

No content

Code block Slides 

Title font Monserrat bold 30pt Secondary headline font Monserrat 18pt CODE EDITOR { “Lorem”: “ipsum”, “laudantium”: 42 } 

Side title Secondary headline CODE EDITOR { “Lorem”: “ipsum”, “laudantium”: 42 } Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium dolor laudantium, totam rem aperiam, eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae vitae. 

Side title Secondary headline CODE EDITOR { “Lorem”: “ipsum”, “laudantium”: 42 } Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium dolor laudantium, totam rem aperiam, eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae vitae. 

PNG Material 

No content

No content

No content

No content

No content

No content

No content

Dockercon logos on dark 

Docker Logos on dark 

Docker Logos on white 

Dockercon logos on white 

Text styles Display Slide Title Section Title Body Paragraph Title Caption Small Body Small Paragraph Title Large Body LABEL 

Color Palette Primary Color Palette Secondary Color Palette 

Icons 

Icons 

Icons 

Presentation Template 

How to use sample slides. Take some time browsing through each section to review the slide template options. It may be easier to use the Grid view (found below the your slide navigator). Copy/Paste or Duplicate sample slides, then modify as needed to build your presentation. 

The grid. In order to maintain visual consistency across slides keep content and objects aligned to the Presentation grid. To turn on guides click view > Guides > “Show Guides” 

How to edit / replace placeholder images. Select the image you want to replace, then choose “Replace Image…” from the Google Slides top menu. To reposition and resize the placed image, double-click it. This should bring you into adjustment mode where you can move and resize both the cropping frame and the image itself. 

Content best practices. ● Avoid dense information it makes your slide is difficult to digest. ● For higher impact, consider distributing key content across multiple slides. ● Don’t over use icons. ● Emphasize the most important words with bold or color ● Keep it simple.