
Sponsored Session: I Deleted 78% of my Redis Containers, and they Still Run!

Conference: ContainerCon 2022

2022-06-22

Authors: Rajeev Thakur, Vinod Gupta


Summary

Automating container hardening using coverage scripts and profiling
  • Profile the application at runtime to determine which packages it requires
  • Write a coverage script that exercises the workload's functionality
  • Use the coverage script's run as the signal for container hardening
  • Automate the process so it can be replicated across all infrastructure
  • Community images are available on GitHub and Docker Hub

The speaker demonstrated a coverage script for Redis that was only 20-30 lines of code and used popular Redis commands to cover most of the functionality. They also showed how they created GitHub Actions for all their images, which run hourly and produce updated images if there are upstream changes. Users can view the images on Docker Hub and hit the 'RapidFort hardened' button to view the full report. The speaker emphasized the importance of automating the hardening process to avoid breakages in functionality and encouraged users to contribute to their GitHub page.

Abstract

Do you use Redis, NGINX, and MySQL? If so, you probably have thousands of vulnerabilities and are shipping them into production environments. Yet out of 500 packages in open-source containers, you may only use 100 software packages, needlessly introducing risk into prod. In this session, Rajeev and Vinod will discuss the open-source project Community Images. They will walk you through the process used to analyze and harden the containers, and you'll discover an easy way to remove vulnerabilities and shrink your container footprint. You’ll also learn how the open-source community can participate in the project.
