Authors: Adrian Mouat
2022-10-24

tldr - powered by Generative AI

The talk covers techniques and tooling for building container images that fit into a secure software supply chain.
  • Weak provenance and lack of reproducibility are major gaps in the current state of IT security.
  • The distroless philosophy, using the smallest base image that will still run the workload, keeps you out of "scan report purgatory".
  • Keeping images and their dependencies up to date is crucial.
  • apko builds container images declaratively, produces an SBOM for each build, and gives fully reproducible results.
  • Images are signed with Sigstore.
  • Cut dependencies down by choosing smaller base images, and keep what remains up to date.
  • Verify signatures and use policy-management tooling to enforce checks, including vulnerability checks, before an image is allowed to run.
  • VEX (Vulnerability Exploitability eXchange) documents let the image supplier state which reported vulnerabilities do not affect the image, filtering scanner output and cutting down noise.
  • Google's distroless images (GoogleContainerTools) are small and well suited to running statically compiled binaries.
  • Their drawbacks: the set of available distroless images is hard to extend, and installing additional software into them is difficult.
  • Cutting an image down to the minimum set of dependencies drastically reduces noise in vulnerability reports.
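The VEX point above is easiest to see as a filter over scanner output. The following is an added example, not code from the talk or from any of the tools it mentions: it embeds a constructed scanner report (placeholder CVE identifiers, not real advisories) and a constructed VEX document in the OpenVEX JSON shape (statements carrying a vulnerability name, a list of products with optional subcomponents, a status, and, for not_affected, a justification), then drops the findings the supplier has marked not_affected or fixed for the scanned package. The purls, timestamps and the document @id are assumptions chosen for the example.

```python
"""Suppress vulnerability-scanner findings using a VEX document (added example).

Assumed input shapes: scanner findings reduced to (id, purl, severity) and an
OpenVEX-style JSON document. Nothing here is the talk's or apko's own code.
"""
import json

VALID_STATUSES = {"not_affected", "affected", "fixed", "under_investigation"}
SUPPRESSING_STATUSES = {"not_affected", "fixed"}

# Constructed scanner output, reduced to the fields a VEX filter needs.
SCAN_FINDINGS = [
    {"id": "CVE-2022-0001", "purl": "pkg:apk/alpine/busybox@1.35.0-r17", "severity": "HIGH"},
    {"id": "CVE-2022-0002", "purl": "pkg:apk/alpine/openssl@3.0.5-r0", "severity": "CRITICAL"},
    {"id": "CVE-2022-0003", "purl": "pkg:apk/alpine/zlib@1.2.12-r3", "severity": "HIGH"},
    {"id": "CVE-2022-0004", "purl": "pkg:apk/alpine/curl@7.85.0-r0", "severity": "MEDIUM"},
    {"id": "CVE-2022-0005", "purl": "pkg:apk/alpine/busybox@1.35.0-r17", "severity": "LOW"},
]

# Constructed VEX document (OpenVEX-style JSON), serialised as a scanner would read it.
VEX_JSON = json.dumps({
    "@context": "https://openvex.dev/ns",
    "@id": "https://example.invalid/vex/example-image-1",  # assumed identifier
    "author": "image maintainer (constructed)",
    "timestamp": "2022-10-24T09:00:00Z",
    "version": 1,
    "statements": [
        # Supplier says the vulnerable code is not in the shipped binary.
        {"vulnerability": {"name": "CVE-2022-0001"},
         "products": [{"@id": "pkg:apk/alpine/busybox@1.35.0-r17"}],
         "status": "not_affected",
         "justification": "vulnerable_code_not_present"},
        # Two statements about the same pair: the most recent one wins.
        {"vulnerability": {"name": "CVE-2022-0002"},
         "products": [{"@id": "pkg:apk/alpine/openssl@3.0.5-r0"}],
         "status": "under_investigation", "timestamp": "2022-10-20T00:00:00Z"},
        {"vulnerability": {"name": "CVE-2022-0002"},
         "products": [{"@id": "pkg:apk/alpine/openssl@3.0.5-r0"}],
         "status": "affected", "timestamp": "2022-10-23T00:00:00Z"},
        # not_affected without a justification is malformed and must not suppress.
        {"vulnerability": {"name": "CVE-2022-0003"},
         "products": [{"@id": "pkg:apk/alpine/zlib@1.2.12-r3"}],
         "status": "not_affected"},
        # Package declared as a subcomponent of the whole image product.
        {"vulnerability": {"name": "CVE-2022-0005"},
         "products": [{"@id": "pkg:oci/example-image@sha256%3A0000",
                       "subcomponents": [{"@id": "pkg:apk/alpine/busybox@1.35.0-r17"}]}],
         "status": "fixed"},
    ],
})


def statement_covers(statement, purl):
    """True if the statement names this purl as a product or as a subcomponent of one."""
    for product in statement.get("products", []):
        if product.get("@id") == purl:
            return True
        if any(sub.get("@id") == purl for sub in product.get("subcomponents", [])):
            return True
    return False


def effective_statement(vex, vuln_id, purl):
    """Return the most recent well-formed statement about (vuln_id, purl), or None."""
    best, best_ts = None, ""
    for st in vex.get("statements", []):
        if st.get("vulnerability", {}).get("name") != vuln_id or not statement_covers(st, purl):
            continue
        status = st.get("status")
        if status not in VALID_STATUSES:
            continue
        # OpenVEX requires a justification or impact_statement for not_affected;
        # a statement lacking both is ignored rather than trusted.
        if status == "not_affected" and not (st.get("justification") or st.get("impact_statement")):
            continue
        ts = st.get("timestamp") or vex.get("timestamp", "")
        if best is None or ts > best_ts:  # ISO-8601 UTC strings compare lexicographically
            best, best_ts = st, ts
    return best


def apply_vex(findings, vex_json):
    """Split findings into (kept, suppressed); each entry records the VEX status used."""
    vex = json.loads(vex_json)
    kept, suppressed = [], []
    for finding in findings:
        st = effective_statement(vex, finding["id"], finding["purl"])
        status = st["status"] if st else None
        annotated = dict(finding, vex_status=status,
                         vex_justification=st.get("justification") if st else None)
        (suppressed if status in SUPPRESSING_STATUSES else kept).append(annotated)
    return kept, suppressed


if __name__ == "__main__":
    remaining, dropped = apply_vex(SCAN_FINDINGS, VEX_JSON)
    for f in dropped:
        print(f"suppressed {f['id']} in {f['purl']}: {f['vex_status']} ({f['vex_justification']})")
    for f in remaining:
        print(f"kept       {f['id']} in {f['purl']}: {f['severity']} (vex: {f['vex_status']})")
```

A VEX statement is a claim made by whoever authored the document, so the document itself needs the same treatment as the image: check its signature and origin (Sigstore signing applies to VEX attestations as well as images) before letting it silence findings. The filter also refuses to honour a not_affected statement that gives no justification, and when several statements cover the same finding it takes the most recent one, so an "under_investigation" that later became "affected" is not mistaken for a clean bill of health.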