Digging Into Container Image Layers for Sneaky Vulnerabilities

Explore techniques for identifying and mitigating vulnerabilities in container images, with a focus on complex edge cases. Learn how to use vulnerability scanning tools like Aqua's Trivy and layer explorer tools such as wagoodman's dive to analyze Java-based container images. Discover methods for narrowing down the search field when addressing critical vulnerabilities, even when traditional dependency management tools like Maven provide conflicting information. Through hands-on examples, gain practical skills in investigating and resolving security issues within popular container images, including those generated for Spring Boot applications.

Digging Into Your App's Container Image Layers for Sneaky Vulnerabilities - Pablo Galego, VMware