Patching Errors in Application Images Before, During and after Runtime

When working with a vulnerable container image without access to source files and Dockerfile, it is necessary to ensure its security. The talk will cover methods of modifying the image using tools like docker-squash and mint, configuring security at the OS and Kubernetes level (AppArmor, capabilities, privilege management), and monitoring for anomalous container behaviour (e.g. using Falco and NeuVector). The goal is to make container usage secure at all levels.