This is a 4h workshop at Dockercon 23

The recording is now available!

Modern applications are composed of many libraries and components from various sources being built and deployed on various systems, making it difficult for developers, platform teams, and security professionals to know what software is running and whether it is secure. Issues may arise from your own code, its dependencies, base images, and many other sources — and new vulnerabilities are being discovered all the time! If you want to secure your software supply chain, this is the workshop for you.

In this workshop, you’ll start off by learning about and remediating several common attacks against your software supply chain. From there, you’ll dive deeply into securing the software supply chain, taking a comprehensive view of the problem and possible solutions. With this knowledge, you’ll learn how Docker Scout helps you understand what’s in your images, how those images are constructed, and what’s running where, and how it provides actionable feedback early in the process so concerns are eliminated before they become problems.

After this session, you’ll know how to take these learnings back to your organization so your team:

  • Understands and can verify how their applications are built
  • Quickly and easily identifies problems with your software supply chain and remediates them
  • Uses policies to encourage best practices across your organization without blocking fixes getting to production
  • Provides visibility into the security stance of your software to others within your organization

All the instructions to follow for this workshop can be found here: https://github.com/docker/dc23-secure-workshop