Choosing the best and secure container image

This talk will be held in English.

In software development, developers often choose their dependencies carefully using evaluation criteria (e.g., GitHub stars or update frequency). Unfortunately, they often ignore such criteria when containerizing their applications. Teams tend to use the first image that comes along, which can lead to security vulnerabilities and significant triage effort.

This talk offers eight evaluation criteria for images and shows how each can be assessed. A guide explains how to search for suitable and secure images and their version tags, illustrated with a specific case study. Finally, there are tips on building your own secure base images if the research shows that no suitable image exists on the market.

Participants should already have containerized one or more applications and/or be responsible for running off-the-shelf images.

Participants will gain awareness of the (negative) consequences of not carefully choosing images. Practical examples will explain how each of the eight evaluation criteria can be specifically assessed.

The guide explains search strategies that developers and DevOps engineers can use to efficiently find suitable images and tags (turning "I need a Python 3.12 image" into a concrete, fully pinned tag such as "ubuntu/python:3.12-24.04").
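The tag-resolution step described above, as an added illustration that is not code from the talk or from SprintEins: it takes a runtime request such as "3.12" and a list of tags as a registry would return them, rejects floating or partially pinned tags (`latest`, `3`, `3.12`) and pre-release channels, optionally requires an LTS base, and returns the newest fully pinned tag. The sample tag list and the `_edge`/`_beta` channel suffixes are constructed assumptions about the naming scheme; the LTS rule encodes Ubuntu's even-year April releases.

```python
"""Resolve a vague runtime request ("Python 3.12") to a fully pinned image tag.

Added illustration of the tag-search strategy; not code from the talk.
The tag list is CONSTRUCTED to resemble a registry tag listing for the
repository "ubuntu/python"; a real list must be fetched from the registry.
"""
import re
from dataclasses import dataclass
from typing import Iterable, Optional

# Constructed sample of a registry tag listing (not fetched from a real registry).
SAMPLE_TAGS = [
    "latest", "edge", "3", "3.12",            # floating or partially pinned: rejected
    "3.12-24.04", "3.12-24.04_edge", "3.12-24.04_beta",
    "3.12-22.04", "3.11-22.04", "3.13-24.10",
]

# Fully pinned tag: <runtime major.minor>-<base YY.MM>[_<channel>]  (assumed scheme)
TAG_RE = re.compile(
    r"^(?P<runtime>\d+\.\d+)-(?P<base>\d{2}\.\d{2})(?:_(?P<channel>[a-z]+))?$"
)

# Channel suffixes that denote pre-release or rolling builds (assumed convention).
PRERELEASE_CHANNELS = {"edge", "beta", "candidate"}


@dataclass(frozen=True)
class PinnedTag:
    tag: str
    runtime: tuple[int, int]   # e.g. (3, 12)
    base: tuple[int, int]      # e.g. (24, 4) for an Ubuntu 24.04 base
    channel: str               # "" when the tag has no channel suffix


def _version(text: str) -> tuple[int, int]:
    major, minor = text.split(".")
    return int(major), int(minor)


def parse_tag(tag: str) -> Optional[PinnedTag]:
    """Return a PinnedTag if `tag` pins both runtime and base release, else None."""
    m = TAG_RE.match(tag)
    if m is None:
        return None
    return PinnedTag(tag, _version(m["runtime"]), _version(m["base"]), m["channel"] or "")


def is_lts_base(base: tuple[int, int]) -> bool:
    """Ubuntu LTS releases are the April (.04) releases of even years."""
    year, month = base
    return month == 4 and year % 2 == 0


def resolve(requested_runtime: str, tags: Iterable[str], require_lts: bool = True) -> Optional[str]:
    """Pick the best fully pinned tag for a runtime request such as "3.12".

    Rules: reject floating or partially pinned tags, reject pre-release
    channels, optionally require an LTS base, then prefer the newest base
    release. Returns None when nothing qualifies, so the caller must decide
    what to do instead of silently falling back to ':latest'.
    """
    if not re.fullmatch(r"\d+\.\d+", requested_runtime):
        raise ValueError(f"expected major.minor runtime version, got {requested_runtime!r}")
    wanted = _version(requested_runtime)
    candidates = []
    for tag in tags:
        parsed = parse_tag(tag)
        if parsed is None or parsed.runtime != wanted:
            continue
        if parsed.channel in PRERELEASE_CHANNELS:
            continue
        if require_lts and not is_lts_base(parsed.base):
            continue
        candidates.append(parsed)
    if not candidates:
        return None
    # Newest base first; on an equal base prefer the tag without a channel suffix.
    best = max(candidates, key=lambda p: (p.base, p.channel == ""))
    return best.tag


if __name__ == "__main__":
    print(resolve("3.12", SAMPLE_TAGS))                     # 3.12-24.04
    print(resolve("3.13", SAMPLE_TAGS))                     # None: 24.10 is not LTS
    print(resolve("3.13", SAMPLE_TAGS, require_lts=False))  # 3.13-24.10
```

Once a tag has been chosen, the Dockerfile should additionally pin the image digest (`FROM ubuntu/python:3.12-24.04@sha256:<digest>`), because even a fully qualified tag can be re-pushed by the publisher; the tag then documents intent and the digest guarantees the bytes.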

Marius Shekow
is a DevOps and Cloud Engineer at SprintEins in Bonn. He is responsible for all cloud-related software engineering practices such as Continuous Integration, Delivery & Deployment (CI/CD), testing, and Infrastructure as Code.
