James Strong

James joined Chainguard after a long stint of helping customers migrate to the Cloud and Kubernetes. Security was the number one issue he saw when doing these migrations, and he now wants to help secure their supply chains. James is also the co-author of O’Reilly’s Networking & Kubernetes, KubePhilly Meetup organizer, and A Cloud Guru instructor. When he is not at a computer, you can find him in the gym doing Olympic weightlifting or on the rugby pitch.


Session

09-14
16:30
40min
Wolfi: A Secure-by-Default Distro for Curing Container CVE Chaos
James Strong, Carlos Tadeu Panato Junior

Are you using container images with hundreds of known vulnerabilities?

The majority of us are using images based on the Docker official images available on the Docker Hub. This includes base images – such as Debian and Ubuntu – as well as application images such as nginx and redis. Unfortunately, these images often have hundreds of known vulnerabilities due to excessively large dependency trees with out-of-date packages. This security debt can lead to unnecessary security risks and slower development cycles.

Wolfi (https://github.com/wolfi-dev/) is a new Linux distribution optimized for building minimal, secure container images. Wolfi maintainers prioritize a rolling release model built on a rapid package update cycle, which ensures that new vulnerabilities are remediated quickly.

This talk not only describes the problems that motivate Wolfi but also provides hands-on knowledge to help developers take advantage of Wolfi. By the end of the talk, developers will learn about packaging techniques with apko and melange, tools specifically designed to build Wolfi packages and turn them into minimal, low- or no-vulnerability containers.

Dome