Abstract
Every team wants secure container images, but few realize how complex it becomes at scale. Building and maintaining hundreds or thousands of images means juggling dependency updates, vulnerability disclosures, and pressure to deliver fast—all while trying to keep the CVE count at zero.
This session breaks down the practical steps for building hardened container images that stay free of known vulnerabilities. We’ll explore the patterns that emerge when running a modern Linux distribution, the automation needed to keep dependencies current, and the trade-offs teams face when balancing security, speed, and reliability.
You’ll learn approaches for prioritizing and remediating CVEs, designing sustainable pipelines, and hardening images against common attack vectors. Along the way, we’ll share the lessons learned from operating at scale and highlight what it really takes to maintain zero-CVE images in production.
Whether you’re an engineer, security leader, or simply curious about secure software supply chains, you’ll walk away with practical insights you can apply to your own environment—and a deeper appreciation for the challenges behind every “secure” image.
Session Sponsored By

Chainguard is the secure foundation for software development and deployment. We help organizations eliminate threats in their software supply chains.