English
This talk will be held in English.
Moritz Johner
is an engineer at Form3 and maintainer of External Secrets. He builds and breaks Kubernetes systems, works on security, and has strong opinions about complexity, automation, and why most “best practices” don’t age well.
Everybody says CVE remediation is just dependency hygiene: bump the thing, run CI, move on. That story collapses once you are responsible for thousands of repositories. Now you are dealing with artifact discovery, build provenance, PR orchestration, CI reconciliation, sandboxing, and security teams that are very reasonably nervous about autonomous code changes.
This talk is a practical report from building that system in a regulated environment, including the decisions that held up, the ones that did not, and the central trade-off we could not avoid: an agent has to be constrained enough to be safe and capable enough to verify its own work.
This session is for platform engineers, SREs, and senior backend engineers who operate shared automation. Attendees should be comfortable with CI/CD, containers, dependency management, and the realities of supporting many repositories and many teams.
Attendees will learn
- why large-scale CVE remediation becomes a platform problem,
- how to design a controller-agent workflow that can survive production reality,
- how to evaluate sandboxing and verification trade-offs, and
- which architectural choices matter when autonomous fixes move from demo to platform capability.