Container Security Fundamental Containerized Applications

This interview was recorded for GOTO State of the Art in November 2025. https://gotopia.tech Read the full transcription of this interview here: https://gotopia.tech/articles/425 Adrian Mouat - Developer Relations at Chainguard & Author of 'Using Docker' Charles Humble - Freelance Techie, Podcaster, Editor, Author & Consultant RESOURCES Adrian https://bsky.app/profile/adrianmouat.com https://twitter.com/adrianmouat https://github.com/amouat https://linkedin.com/in/adrianmouat http://www.adrianmouat.com Charles https://bsky.app/profile/charleshumble.bsky.social https://linkedin.com/in/charleshumble https://mastodon.social/@charleshumble https://conissaunce.com Links https://images.chainguard.dev https://www.cisa.gov/sbom https://www.chainguard.dev/supply-chain-security-101/the-npm-registry-cant-protect-you-the-new-javascript-supply-chain-attacks https://oxide-and-friends.transistor.fm/episodes/discovering-the-xz-backdoor-with-andres-freund https://edu.chainguard.dev DESCRIPTION In this State of the Art episode, Charles Humble speaks with Adrian Mouat, Developer Relations at Chainguard and author of "Using Docker", about the evolution of container security and the persistent challenge of outdated packages. Adrian explains how traditional Linux distributions weren't designed for the immutable, frequently-replaced nature of containers, leading to security vulnerabilities that scanners detect but teams struggle to address. He discusses how Chainguard tackles this problem by building everything from source using Wolfi, creating minimal "distroless" images with near-zero CVEs, and how concepts like SBOMs, attestations, and defense in depth are reshaping security practices. The conversation also covers major security incidents including the XZ Utils backdoor and Shai-hulud attacks, emphasizing the importance of building from source, using short-lived credentials, and replacing rather than updating containers – practices pioneered by companies like Google that are gradually spreading across the industry. RECOMMENDED BOOKS Adrian Mouat • Using Docker • https://amzn.to/3PEYIJL Liz Rice • Container Security • https://amzn.to/3oU4iJe Liz Rice • Kubernetes Security • https://www.oreilly.com/library/view/kubernetes-security/9781492039075 Bluesky (https://bsky.app/profile/gotocon.com) Instagram (https://www.instagram.com/goto_con) LinkedIn (https://www.linkedin.com/company/goto-) Facebook (https://www.facebook.com/GOTOConferences) CHANNEL MEMBERSHIP BONUS Join this channel to get early access to videos & other perks: https://www.youtube.com/channel/UCs_tLP3AiwYKwdUHpltJPuA/join Looking for a unique learning experience? Attend the next GOTO conference near you! Get your ticket: gotopia.tech (https://gotopia.tech) SUBSCRIBE TO OUR YOUTUBE CHANNEL (https://www.youtube.com/user/GotoConferences/?sub_confirmation=1) - new videos posted daily!