Strengthening the Secure Supply Chain with Project Copacetic, Eraser, and FluxCD
Containers are widely used to deploy applications, but they also pose new security challenges. How can you ensure that your container images are free of vulnerabilities and always up to date? How can you prevent insecure images from running in your Kubernetes cluster? How can you automate the entire process of scanning, patching, and deploying secure images?
In this talk, you will learn how to use several open-source tools to strengthen your secure supply chain by automating the scanning, patching, deployment, and deletion of container images in a Kubernetes cluster.
We'll explore the following projects that can help you achieve these goals: Copacetic, Eraser, and FluxCD. Copacetic is a new project that scans and patches container images using Trivy, a vulnerability scanner. Eraser is a CNCF Sandbox project that removes insecure images from your Kubernetes cluster. FluxCD is a CNCF Graduated project that deploys container images based on GitOps principles.
By the end of this talk, you will have a better understanding of how to automate container security and improve your infrastructure’s security posture.