The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon North America 2024 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.
Please note: This schedule is automatically displayed in Mountain Standard Time (UTC -7). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change and session seating is available on a first-come, first-served basis.
Maintaining secure container images and addressing new vulnerabilities quickly is a major challenge. To patch images, users face two options: wait for third-party authors to release updates, which can take weeks, or perform a full image rebuild, a time and resource-intensive process. Project Copacetic (Copa) enhances the image patching process, reducing turnaround time and complexity. It integrates easily into existing build infrastructure, giving users greater control over their patching timeline and reducing costs. Copa scans container images using tools like Trivy to generate a vulnerability report and parses the report for necessary OS-level package updates. It applies these updates to the target image using Buildkit (Docker’s default builder) to create a new patch layer on the original image. Copa can even patch distroless images by leveraging external tooling. The talk will overview Copa, highlighting new features like scanner plugins and omitting reports to update all packages.