#33 Container Images, CVEs, and the Path to a Secure Supply Chain

Container images often inherit unnecessary vulnerabilities from traditional Linux distributions, where long release cycles lead to outdated packages and a flood of false positives.

In this talk, Wojciech Kocjan will show how modern approaches—such as distroless images and purpose-built distributions like Chainguard’s Wolfi—help reduce the attack surface and bring CVE counts close to zero.

You’ll learn about:

Building minimal, secure images with tools like melange/apko, ko, and BuildKit/Buildah

Shifting from heavyweight base images to lean, verifiable builds

Container-native workflows in Kubernetes to strengthen the software supply chain

Speaker:

Wojciech Kocjan – CNCF Ambassador with 20+ years in IT, 10 years in public cloud, and deep expertise in scalable cloud-native solutions and Kubernetes automation. He co-organizes CNCF-affiliated meetups in Kraków and has a passion for drones, puzzles, and reading.

Event details:

📅 Date: 25.09.2025

🕕 Time: 18:00

📍 Place: Virtuslab Office, Szlak 49, Kraków

Guest Policy: Due to office regulations, attendees must sign a guest list upon arrival.

🍕 Pizza will be served during the event!

Stay after the talk for networking, community building, and a slice (or two) of pizza.