Upgrade to Pro — share decks privately, control downloads, hide ads and more …

GCRと脆弱性検査

Avatar for youyo youyo
October 15, 2018
Technology
0
200

 GCRと脆弱性検査

GCRと脆弱性検査
Avatar for youyo

youyo

October 15, 2018
Tweet

More Decks by youyo

See All by youyo
家の快適度を計測してみた
Avatar for youyo youyo
1
190
Get started AWS CDK
Avatar for youyo youyo
0
100
Tried to create a deployment pipeline of AutoML Vision.
Avatar for youyo youyo
0
74
API GatewayのWebSocket対応について
Avatar for youyo youyo
0
810
goodbye-ec2
Avatar for youyo youyo
0
660
それでも僕はzabbixと生きていく
Avatar for youyo youyo
1
470
About AWS Lambda and kintone
Avatar for youyo youyo
1
260
TerraformとWerckerとAWS Organizationsで始めるステージング・開発環境構築 / terraform-wercker-aws-organizations
Avatar for youyo youyo
1
34k
ServerlessのおさらいとIronFunctionsについて
Avatar for youyo youyo
0
450

Other Decks in Technology

See All in Technology
NW運用の工夫と発明
Avatar for Akira Kanai / recuraki recuraki
1
410
AIに実況させる / AI Streamer
Avatar for motemen motemen
3
1.4k
Node−RED で Ollama を使ったローカルLLM(node-red-contrib-ollamaを利用) / ビジュアルプログラミングIoTLT vol.20
Avatar for you(@youtoy) you
PRO
0
130
Introduction to Sansan, inc / Sansan Global Development Center, Inc.
Avatar for Sansan, Inc. sansan33
PRO
0
2.6k
CloudTrailも、GuardDutyも、VPC Flow logsも… ログ多すぎ問題の整理術
Avatar for Hiroki Uchida nikuyoshi
5
630
積み上げられた技術資産と向き合いながら、プロダクトの信頼性をどう守るか
Avatar for PLAID Tech plaidtech
PRO
0
380
アプリケーションの中身が見える!Mackerel APMの全貌と展望 / Mackerel APMリリースパーティ
Avatar for mackerelio mackerelio
0
420
会社員しながら本を書いてきた知見の共有
Avatar for Satoru Takeuchi sat
PRO
3
680
OTel meets Wasm: プラグイン機構としてのWebAssemblyから見る次世代のObservability
Avatar for LINEヤフーTech (LY Corporation Tech) lycorptech_jp
PRO
1
280
Contract One Dev Group 紹介資料
Avatar for Sansan, Inc. sansan33
PRO
0
6k
Things you never dared to ask about LLMs — v2
Avatar for Guillaume Laforge glaforge
1
480
AIの電力問題を概観する
Avatar for Ryuichi Maruyama rmaruy
1
210

Featured

See All Featured
The Psychology of Web Performance [Beyond Tellerrand 2023]
Avatar for Tammy Everts tammyeverts
47
2.8k
The MySQL Ecosystem @ GitHub 2015
Avatar for Sam Lambert samlambert
251
12k
Art, The Web, and Tiny UX
Avatar for Lynn Fisher lynnandtonic
298
21k
How to Ace a Technical Interview
Avatar for Jacob Kaplan-Moss jacobian
276
23k
Helping Users Find Their Own Way: Creating Modern Search Experiences
Avatar for Dan Newman danielanewman
29
2.6k
Embracing the Ebb and Flow
Avatar for Simon Collison colly
85
4.7k
Side Projects
Avatar for Sacha Greif sachag
454
42k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
Avatar for soudai sone soudai
PRO
180
53k
Music & Morning Musume
Avatar for Bryan Veloso bryan
47
6.5k
Code Review Best Practice
Avatar for Trisha Gee trishagee
68
18k
The Invisible Side of Design
Avatar for Vitaly Friedman smashingmag
299
50k
Building an army of robots
Avatar for Kyle Neath kneath
306
45k

Transcript

  1. GCRと脆弱性検査

  2. GCR? Google Container Registory Dockerhubみたいなもの 脆弱性検査 Container Registry 脆弱性スキャン まだアルファ版

    ubuntu, debian, alpine https://cloud.google.com/container‑registry/docs/vulnerability‑ scanning?authuser=0&hl=ja

  3. FROM debian LABEL maintainer "youyo <[email protected]>" RUN apt update -y

    RUN apt install apache2 -y EXPOSE 80/TCP ENTRYPOINT ["apachectl","-k","start","-D","FOREGROUND"] $ docker build -t ¥ asia.gcr.io/any-applications/httpd:latest . $ gcloud auth configure-docker $ docker push asia.gcr.io/any-applications/httpd:latest
  4. None

  5. FROM alpine LABEL maintainer "youyo <[email protected]>" RUN apk add --update

    apache2 RUN mkdir /run/apache2 EXPOSE 80/TCP ENTRYPOINT ["httpd", "-DFOREGROUND"] $ docker build -t ¥ asia.gcr.io/any-applications/httpd:alpine alpine/ $ gcloud auth configure-docker $ docker push asia.gcr.io/any-applications/httpd:alpine
  6. None

  7. まとめ コンテナイメージも脆弱性検査をする時代 最適化されたベースイメージを使用するだけで脆弱性を減らせる https://github.com/GoogleContainerTools/distroless たぶんそんなにお金かからないし, とりあえず始めてみよう