London July 2019

London, United Kingdom | Mon, Jul 8 - Sat, Jul 13, 2019
This event is over, but there are more training opportunities.

The State of Your Container's Supply Chain

  • Andrew Martin
  • Tuesday, July 9th, 7:00pm - 8:00pm

Container security often focuses on runtime best-practices whilst neglecting delivery of the software in the supply chain. Application, library, and OS vulnerabilities are a likely route to data exfiltration, and emerging technologies in the container ecosystem offer a new opportunity to mitigate this risk. Treating containers as immutable artefacts and injecting configuration allows us to "upgrade" images by rebuilding and shipping whole software bundles, avoiding configuration drift and state inconsistencies. This makes it possible to constantly patch software, and to easily enforce governance of artefacts both pre- and post-deployment. In this talk we detail an ideal, security-hardened container supply chain, describe the current state of the ecosystem, and dig into specific tools. Grafeas, Kritis, in-toto, Clair, Micro Scanner, TUF, and Notary are covered, and we discuss how to gate container image pipelines and deployments on cryptographically verified supply chain metadata.

Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.

Monday, July 8

| Session | Speaker | Time | Type |
|---|---|---|---|
| Defensible DNS Architecture | Greg Scheidel | Monday, July 8th, 6:00pm - 7:00pm | SANS@Night |

Tuesday, July 9

| Session | Speaker | Time | Type |
|---|---|---|---|
| Cloud Security Automation: From Infrastructure to App | Frank Kim | Tuesday, July 9th, 6:00pm - 7:00pm | SANS@Night |
| The State of Your Container's Supply Chain | Andrew Martin | Tuesday, July 9th, 7:00pm - 8:00pm | SANS@Night |