Understanding Container Reproducibility Challenges: Stopping the Next Solar Winds
Échec de l'ajout au panier.
Échec de l'ajout à la liste d'envies.
Échec de la suppression de la liste d’envies.
Échec du suivi du balado
Ne plus suivre le balado a échoué
Understanding Container Reproducibility Challenges: Stopping the Next Solar Winds
-
Narrateur(s):
-
Auteur(s):
À propos de cet audio
Container images are increasingly being used as the main method for software deployment, so ensuring the reproducibility of container images is becoming a critical step in protecting the software supply chain. In practice, however, builds are often not reproducible due to elements of the build environment that rely on nondeterministic factors such as timestamps and external dependencies. Lack of reproducibility can lead to lack of trust, broken builds, and possibly mask hidden malware insertion. Vessel, a recent tool from the Carnegie Mellon University Software Institute (SEI), helps developers identify the difference between two container images to help sort benign from problematic issues. In this SEI Podcast, Kevin Pitstick, a senior software engineer at the SEI and Vessel’s lead developer, and Lihan Zhan, a software engineer at the SEI working on tactical and AI-enabled systems, sit down with Grace Lewis, lead of the Tactical and AI-Enabled Systems (TAS) applied research and development team at the SEI, to discuss the Vessel tool, its development, and application in mission-critical settings.