Guest: Ian Riopel (LinkedIn)
Company: Slim.AI (Twitter)
With the shift-left movement, developers are now taking on more of the security responsibility. However, while there is a push to bake security in earlier in the development lifecycle, Slim.AI takes a slightly different approach. Its SaaS-based solution aims to help developers ship smaller, more secure containers while still enabling them to be creative and produce the best code they can without getting waylaid by security considerations.
In this episode of TFiR: Let’s Talk, Swapnil Bhartiya sits down with Ian Riopel, Chief Customer Officer at Slim.AI, at KubeCon EU in Amsterdam to discuss best practices for creating smaller, more secure containers and how Slim.AI’s solution works to achieve this. He talks about the role security is playing in developers’ lives and how Slim.AI is simplifying security for developers. He also talks about the extent to which security is being implemented and incorporated into companies rather than just being a talking point.
Key highlights from this video interview are:
- Container security hardening continues to be a challenge and Riopel talks about the interest they have had around Slim.AI’s new announcement of their container security hardening feature. He explains how it provides an automatic way to integrate into your CI and ship more secure, slimmer containers.
- The best practice is often to start with a pre-hardened container, which you then develop on top of. However, as fixes are applied to vulnerabilities, the container size is increased by 10-20%. Riopel talks about how their best practice differs and why it achieves a smaller, more secure container with fewer vulnerabilities.
- Slim.AI’s SaaS-based solution integrates with your pipeline, working with your registry and CI/CD to automatically reduce the number of vulnerabilities and container sizes.
- Riopel discusses the benefits of automated container hardening and how it helps detect vulnerabilities within containers and decipher which are real and which are exploitable. He talks about how their approach of taking out the code you do not need simplifies the process of managing vulnerabilities.
- Although we are still seeing things shifting left, Slim.AI takes a slightly different view where developers can develop and produce the best features, functions, and code that they can, and then security comes as a final step. Riopel talks about why this is preferable.
- Riopel feels people fall into two different camps with security. In one, they are very aware of security, their security posture, and what they need to deliver. In the other, people create their containers and ship them out with security just as an afterthought. He talks about the regulation around security that will be coming into effect in the US in the near future and what this means for people.
This summary was written by Emily Nicholls.