If your container images are outdated,
you're vulnerable.

Base images are often updated without new tag versions, regardless of what container images you use. Failure to keep up-to-date is a prime source of vulnerabilities that can lead to serious security breaches. 

Automate the updates!

Learn how you can automatically detect upstream image changes and rebuild your image fleet to keep your CVE count low.

Bret Fisher, and guest Eric Smalling of Chainguard, are going to walk through how you can detect upstream changes and rebuild your images in a controlled, yet automated way.

BONUS: Are you safe from the Nx S1ngularity type CI exploit? Learn how to mitigate inherent risks that can come with more automation. We break down how to avoid exposing your CI secrets.

Key Takeaways

• Learn how to automate image rebuilds for the four types of upstream changes.
• Get a template GitHub Action workflows to rebuild your images when base images update.
• Walkthrough advanced Dockerfile migrations to Chainguard zero-CVE images.
• Learn GitHub Actions lockdown steps to protect against S1ngularity type attacks.