Loading…
July 21-22, 2021 | Virtual
Virtual Event Platform
Learn More & Register Now
Back To Schedule
Thursday, July 22 • 11:30am - 11:50am
Building Rapid CVE Responses into CF for K8s - Dr. Dave Walter & Andrew Wittrock, VMware

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
CVEs are unavoidable. Over 18,000 were reported last year alone. Cloud Foundry platform operators want to be able to quickly and easily patch their platforms whenever a CVE that might adversely affect them is reported. This is especially difficult when running on top of Kubernetes as components are distributed as runnable images instead of BOSH releases and stemcells. This talk will describe the mechanisms we use to detect and address CVEs in the component images that are included in CF for K8s. Learn how we: * Use Trivy to detect new CVEs in images included in the latest CF for K8s release * Use image metadata to track the exact version of source code used to build a given image * Use a combination of kbld, pack, cloud-native buildpacks, and Dockerfiles to (re)build images * Use CI to automate cutting patch releases of CF for K8s when a high or critical CVE is detected

Speakers
avatar for Dr Dave Walter

Dr Dave Walter

Senior Member Technical Staff, VMware
Dave is a senior engineer at VMware. He first contributed to Cloud Foundry as part of the notifications API team back in 2015, before spending time on the BOSH Bootloader and Volume Services teams. For the last 2 years, he has been part of the team responsible for maintaining CF Deployment... Read More →
avatar for Andrew Wittrock

Andrew Wittrock

Member of Technical Staff III, VMware
Andrew is an engineer at VMware. He has been working on Cloud Foundry since 2019, and CF for K8s since 2020. Previously, he worked as a full-stack developer, focusing on Single Page Applications and build tooling. He has been interested in Kubernetes for several years, pursuing and... Read More →



Thursday July 22, 2021 11:30am - 11:50am CDT
Virtual 1
  How To Track
  • Audience Experience Level Any
  • Slides Included Yes