Container Vulnerability Scanning Sucks
Рет қаралды 687
2 ай бұрынContainer Vulnerabilities present a nightmarish challenge in cybersecurity. In this video, we dive into why fixing things actually takes a fraction of the time, and the challenges with working with vulnerability scanning tools.
Docker image used in the video: github.com/latiotech/insecure...
@CK.23. 2 ай бұрын
Proud to be No. 222.. Good job and good luck. Please try higher resolution for text..
@maxgraupner1049 2 ай бұрын
What are your thoughts on bumping versions and creating incompatibility, need for regression testing, etc. I agree the fixing can be THAT easy but then do you test every time there is a change?
@aviad-chen 2 ай бұрын
I would say yes. If you have a good test coverage in place, and no breaking changes in the minor upgrade of a package, why not? The idea is not to merge every day on every updatr, but if you do it on a weekly basis, per the new versions, it won't be that noisy
@latiotech 2 ай бұрын
All I can say is that this used to really scare me, but I've never had an image break from just running nightly builds with the same dockerfile auto-grabbing the latest patch version fixes. Conversely, this happens frequently with SCA type vulnerabilities bumping open source library versions.
BalcevMMA_BOXING
Рет қаралды 9 МЛН
Қайрат Әділгерей, Muyun Brothers, Аманғали Сыпабеков, Нұргүл Даубаева ҚЫЗЫҚ TIMES | Хотя бы кинода 3
Marat Oralgazin
Рет қаралды 611 М.
Brian Morrison
Рет қаралды 25 М.
Latio Tech - Learn Product Security
Рет қаралды 282
Nour's tech talk
Рет қаралды 35 М.
Гохич
Рет қаралды 2,9 МЛН
YUKI
Рет қаралды 8 МЛН