Training · 2 days (14 h)
Container Security
Two days to understand how a container gets compromised — and close the doors one by one, from image to runtime.
Objectives
- Build images free of avoidable vulnerabilities
- Integrate a scanner (Trivy) into the build chain
- Run containers with the minimum privileges
- Spot the misconfigurations that expose a cluster
Audience
Developers, ops, and technical CISOs who want to raise the security level of their containerized workloads.
Prerequisites
- Hands-on experience with Docker or an equivalent runtime
- Basic Kubernetes knowledge is helpful for the second day
Program
Understanding the attack surface
- Isolation: namespaces, cgroups, capabilities
- Real-world compromise scenarios
Securing images
- Minimal base images and multi-stage builds
- Vulnerability scanning with Trivy
- Secrets: what must never end up in an image
Securing the runtime
- Non-root, read-only, seccomp
- SecurityContexts and Pod Security Standards
Toward the supply chain
- Registries, signatures, and provenance
- Admission policies at a glance (Kyverno)
- Workshop: audit of a deliberately vulnerable stack