Upgrade Images by Digging Out and Automatically Fixing the Vulnerabilities - Lin Ru, DaoCloud & Yan Wang, VMware
Abstract
As container technology become widely adopted in the industry, how to effectively protect the operating environment from the destruction of related potential vulnerabilities poses new challenges to the platform and/or security administrators.In this presentation, we’ll share the ideas of improving the security of the container images managed in the image registry:1. A pluggable scanning mechanism to quarry out the vulnerabilities of the images and export the scanning reports with kinds of formats to the interested parties;2. Controlling policies based on the scanning results applied to images to guarantee a secure distribution channel from the image registry to the operating environments;3. A way to automatically fix the vulnerabilities found in the image to improve the security of the images;4. A fantastic demo to let you easily understand the solution presented in this talk