Back To Schedule
Thursday, July 22 • 11:30am - 11:50am
Building Rapid CVE Responses into CF for K8s - Dr. Dave Walter & Andrew Wittrock, VMware

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
CVEs are unavoidable. Over 18,000 were reported last year alone. Cloud Foundry platform operators want to be able to quickly and easily patch their platforms whenever a CVE that might adversely affect them is reported. This is especially difficult when running on top of Kubernetes as components are distributed as runnable images instead of BOSH releases and stemcells. This talk will describe the mechanisms we use to detect and address CVEs in the component images that are included in CF for K8s. Learn how we: * Use Trivy to detect new CVEs in images included in the latest CF for K8s release * Use image metadata to track the exact version of source code used to build a given image * Use a combination of kbld, pack, cloud-native buildpacks, and Dockerfiles to (re)build images * Use CI to automate cutting patch releases of CF for K8s when a high or critical CVE is detected

avatar for Dr. Dave Walter

Dr. Dave Walter

Staff Software Engineer, VMware
Dave is a staff engineer at VMware. He started contributing to Cloud Foundry back in 2015 as a member of a number of component teams before joining the CF Release Integration team in 2019. For the last 3 years, he has been part of the team responsible for maintaining CF Deployment... Read More →
avatar for Andrew Wittrock

Andrew Wittrock

Member of Technical Staff III, VMware
Andrew is an engineer at VMware. He has been working on Cloud Foundry since 2019, and Cloud Foundry on Kubernetes since 2020. Andrew has been working in and contributing to the Kubernetes ecosystem for several years. He is currently a member of the Cloud Foundry on Kubernetes Working... Read More →

Thursday July 22, 2021 11:30am - 11:50am CDT
Virtual 1
  How To Track
  • Audience Experience Level Any
  • Slides Included Yes