Automate Your Way to Zero-CVE Images

Aired in October 2025, hosted by Bret Fisher

Sign up below to get the video walkthrough, code examples, and more goodies in your inbox.

If your container images are outdated, you're vulnerable.

Base images are often updated without new tag versions, regardless of what container images you use. I call this Silent Updates. There's no way to know this has happened without image digest-checking automation. Failing to keep up to date is a prime source of vulnerabilities that can lead to serious security breaches.

Automate the updates!
Learn how you can automatically detect upstream image changes and rebuild your image fleet to keep your CVE count low.

Bret Fisher and guest Eric Smalling of Chainguard are going to walk through how you can detect upstream changes and rebuild your images in a controlled yet automated way.

Key Takeaways

  • Learn how to automate image rebuilds for the three types of upstream changes.
  • Get template GitHub Actions workflows to rebuild your images when base images update.
  • Walk through advanced Dockerfile migrations to Chainguard zero-CVE images.
  • Learn GitHub Actions lockdown steps to protect against S1ngularity-type attacks.
