Building Zero-CVE Container Images at Scale: Patterns and Pitfalls

Abstract

Every team wants secure container images, but few realize how complex it becomes at scale. Building and maintaining hundreds or thousands of images means juggling dependency updates, vulnerability disclosures, and pressure to deliver fast—all while trying to keep the CVE count at zero.

This session breaks down the practical steps for building hardened container images that stay free of known vulnerabilities. We’ll explore the patterns that emerge when running a modern Linux distribution, the automation needed to keep dependencies current, and the trade-offs teams face when balancing security, speed, and reliability.

You’ll learn approaches for prioritizing and remediating CVEs, designing sustainable pipelines, and hardening images against common attack vectors. Along the way, we’ll share the lessons learned from operating at scale and highlight what it really takes to maintain zero-CVE images in production.

Whether you’re an engineer, security leader, or simply curious about secure software supply chains, you’ll walk away with practical insights you can apply to your own environment—and a deeper appreciation for the challenges behind every “secure” image.


 


Session Sponsored By

Chainguard is the secure foundation for software development and deployment. We help organizations eliminate threats in their software supply chains.
 

Date

Monday Nov 17 / 03:55PM PST ( 50 minutes )

Location

Pacific LM

Video

Video is not available

Share

From the same track

Session

Solving Real Problems for Development Teams with AI

Monday Nov 17 / 01:35PM PST

AI coding tools promise productivity gains, but many teams aren’t seeing the impact.

Speaker image - Dennis Pilarinos

Dennis Pilarinos

Founder and CEO @Unblocked

Session

AI Native Architecture for Java Applications

Monday Nov 17 / 02:45PM PST

We are currently moving from "AI-enabled" systems, where artificial intelligence is an additive feature, to "AI-native" systems, where intelligence is the foundational, architectural core.

Speaker image - Pratik Patel

Pratik Patel

Java Champion and lead developer advocate @Azul Systems

Session

Sponsored session powered by Akka

Monday Nov 17 / 10:35AM PST

Details coming soon!

Session

Sponsored session powered by Akka

Monday Nov 17 / 05:05PM PST

Session

Sponsored session powered by Dynatrace

Monday Nov 17 / 11:45AM PST

Details coming soon!