#33 Container Images, CVEs, and the Path to a Secure Supply Chain

Container images often inherit unnecessary vulnerabilities from traditional Linux distributions, where long release cycles lead to outdated packages and a flood of false positives.

In this talk, Wojciech Kocjan will show how modern approaches—such as distroless images and purpose-built distributions like Chainguard’s Wolfi—help reduce the attack surface and bring CVE counts close to zero.

You’ll learn about:

• Building minimal, secure images with tools like melange/apko, ko, and BuildKit/Buildah
• Shifting from heavyweight base images to lean, verifiable builds
• Container-native workflows in Kubernetes to strengthen the software supply chain

Speaker:

Wojciech Kocjan – CNCF Ambassador with 20+ years in IT, 10 years in public cloud, and deep expertise in scalable cloud-native solutions and Kubernetes automation. He co-organizes CNCF-affiliated meetups in Kraków and has a passion for drones, puzzles, and reading.

Event details:

• Date: 25.09.2025
• Time: 18:00
• Place: Virtuslab Office, Szlak 49, Kraków

Guest Policy: Due to office regulations, attendees must sign a guest list upon arrival.

Pizza will be served during the event!

Stay after the talk for networking, community building, and a slice (or two) of pizza.