Is Your Image Really Distroless? - Securing Container Images

Explore the concept of "distroless" Docker images in this informative 19-minute conference talk by Laurent Goderre from Docker. Learn how multi-stage builds can separate build-time and run-time dependencies, creating more secure containers with reduced vulnerability surfaces. Discover the challenges of achieving truly distroless images when applications require additional tooling for runtime configuration. Examine how init containers can be leveraged to separate configuration logic from the runtime environment, enabling the creation of images without shells or scripting capabilities. Gain insights into enhancing container security and minimizing potential attack vectors in your Docker deployments.