loader from loading.io

Chainguard and Securing Your Containers with Adrian Mouat

The Modern .NET Show

Release Date: 10/11/2024

Hayden Barnes and CVE-2025-33515 show art Hayden Barnes and CVE-2025-33515

The Modern .NET Show

Show Notes Hey everyone, and welcome back to The Modern .NET Show; the premier .NET podcast, focusing entirely on the knowledge, tools, and frameworks that all .NET developers should have in their toolbox. I'm your host Jamie Taylor, bringing you conversations with the brightest minds in the .NET ecosystem. This episode is a super important, top-of-the-heap, bonus episode that you definitely need to be listening to. I, basically, reached out to Hayden Barnes, who we've just now had on the show to talk about .NET never-ending support and what happens when you drop out of support with Microsoft....

info_outline Hayden Barnes on .NET NES: Why We Need a New Approach to Open Source Maintenance show art Hayden Barnes on .NET NES: Why We Need a New Approach to Open Source Maintenance

The Modern .NET Show

Strategic Technology Consultation Services This episode of The Modern .NET Show is supported, in part, by . If you're an SME (Small to Medium Enterprise) leader wondering why your technology investments aren't delivering, or you're facing critical decisions about AI, modernization, or team productivity, let's talk. Show Notes "There's a good chance it's not gonna flag for you that, you, know your point of sale system is on .NET six and is now vulnerable, you know. So to a certain extent, companies often aren't even aware and this is something I've learned to be in this space. They're not...

info_outline Testing Made Easy: Debbie O'Brien Explains Playwright and its Game-Changing MCP Server show art Testing Made Easy: Debbie O'Brien Explains Playwright and its Game-Changing MCP Server

The Modern .NET Show

Strategic Technology Consultation Services This episode of The Modern .NET Show is supported, in part, by . If you're an SME (Small to Medium Enterprise) leader wondering why your technology investments aren't delivering, or you're facing critical decisions about AI, modernization, or team productivity, let's talk. Show Notes "It's not just guessing. It's not just saying, "oh, there's something to log in. I think we'll call the button login." It actually knows the button is called Login, it's seen it. So that makes a big difference and makes it much more resilient. So that's definitely a big...

info_outline Building the Future of APIs: Mike Kistler's Insights on OpenAPI and MCP show art Building the Future of APIs: Mike Kistler's Insights on OpenAPI and MCP

The Modern .NET Show

Strategic Technology Consultation Services This episode of The Modern .NET Show is supported, in part, by . If you're an SME (Small to Medium Enterprise) leader wondering why your technology investments aren't delivering, or you're facing critical decisions about AI, modernization, or team productivity, let's talk. Show Notes "And we talk about that contract. We say, "this is your contract. This Open API definition that you have is the contract for your service." And in the end, that's how customers interact with Azure is through APIs. And so it's important to have that contract so that...

info_outline Data, AI, and the Human Touch: Michael Washington on Building Trustworthy Applications show art Data, AI, and the Human Touch: Michael Washington on Building Trustworthy Applications

The Modern .NET Show

Strategic Technology Consultation Services This episode of The Modern .NET Show is supported, in part, by . If you're an SME (Small to Medium Enterprise) leader wondering why your technology investments aren't delivering, or you're facing critical decisions about AI, modernization, or team productivity, let's talk. Show Notes "What do I mean by compute? Compute is whenever you want a computer to do a thing, okay, it requires the CPU to exist and I want the CPU to do a thing. How well it can do it Is based upon what kind of CPU you have. What kind of CPU they have since have it in miniature...

info_outline Designing APIs Like a Pro: Lessons from Jerry Nixon on Data API Builder and Beyond show art Designing APIs Like a Pro: Lessons from Jerry Nixon on Data API Builder and Beyond

The Modern .NET Show

Strategic Technology Consultation Services This episode of The Modern .NET Show is supported, in part, by . If you're an SME (Small to Medium Enterprise) leader wondering why your technology investments aren't delivering, or you're facing critical decisions about AI, modernization, or team productivity, let's talk. Show Notes "Simple is always the better choice, but easy is not always the best. So sometimes you'll go to graph, it's a little bit harder for us to write the code for around it, but the bandwidth consumption is considerably smaller. the compute consumption and the ability for it to...

info_outline Compassionate Coding: Safia Abdalla's Insights on Empathy in Open-Source Development show art Compassionate Coding: Safia Abdalla's Insights on Empathy in Open-Source Development

The Modern .NET Show

Strategic Technology Consultation Services This episode of The Modern .NET Show is supported, in part, by . If you're an SME (Small to Medium Enterprise) leader wondering why your technology investments aren't delivering, or you're facing critical decisions about AI, modernization, or team productivity, let's talk. Show Notes "I think, regardless of how technology evolves, it's very important and us the most important thing is for us to be decent and understanding of each other and to be willing to like work towards a common goal."— Safia Abdalla Hey everyone, and welcome back to The Modern...

info_outline Umbraco Unplugged: Emma Burstow & Mats Persson on Umbraco Being The Friendly, Truly Open-Source, CMS show art Umbraco Unplugged: Emma Burstow & Mats Persson on Umbraco Being The Friendly, Truly Open-Source, CMS

The Modern .NET Show

Strategic Technology Consultation Services This episode of The Modern .NET Show is supported, in part, by . If you're an SME (Small to Medium Enterprise) leader wondering why your technology investments aren't delivering, or you're facing critical decisions about AI, modernization, or team productivity, let's talk. Show Notes "From the first engagement with any from Umbraco, it's been a friendly approach. We are friendly. It's a part of our DNA. Professional. We take our work dead seriously, but we want to have fun, but we are friendly."— Mats Persson Hey everyone, and welcome back to The...

info_outline Learning Azure with Jonah Andersson: A Developer's Guide to Cloud Computing and Development Fundamentals show art Learning Azure with Jonah Andersson: A Developer's Guide to Cloud Computing and Development Fundamentals

The Modern .NET Show

RJJ Software's Software Development Service This episode of The Modern .NET Show is supported, in part, by , whether your company is looking to elevate its UK operations or reshape its US strategy, we can provide tailored solutions that exceed expectations. Show Notes "So the cloud adoption framework actually has a lot of steps for organizations or IT teams to start assessing their existing environments first and planning the stage before they modernise and migrate to Azure. And then the well-architected framework allows the team, whoever is involved, developers, engineers, or architects,...

info_outline Dapr: The Secret Sauce to Simplifying Distributed Applications with Mark Fussell show art Dapr: The Secret Sauce to Simplifying Distributed Applications with Mark Fussell

The Modern .NET Show

RJJ Software's Software Development Service This episode of The Modern .NET Show is supported, in part, by , whether your company is looking to elevate its UK operations or reshape its US strategy, we can provide tailored solutions that exceed expectations. Show Notes "Yeah, exactly. In fact, one of the central premises of Dapr has, you know, one of its goals is not only to be multi-language, in that anyone can use the APIs from any language they come from. So it has SDKs. First, you can call it HTTP if that's all you care about. But it has SDKs for Java, JavaScript, of course, .NET, Python,...

info_outline
 
More Episodes

RJJ Software's Software Development Service

This episode of The Modern .NET Show is supported, in part, by RJJ Software's Podcasting Services, whether your company is looking to elevate its UK operations or reshape its US strategy, we can provide tailored solutions that exceed expectations.

Show Notes

"Okay. So I’ll come on to that point is that’s obviously something i’d like to talk about. But a couple of things I should mention, I guess. That I think you’re absolutely right with all the points you raised, but we are trying to work on on everything there. So a couple of things are worth pointing out: one is docker-init; so nowadays if you start in like a new project with python or node or whatever, you can run the docker-init command, and what that will do is like create a dockerfile and a couple of other files, I think, to help you get started, and it sort of contains that the best practices. So to try and help you get over the hump of trying to understand how to create a dockerfile, and all the different ways you can build that without needing to know everything. So I think that really helps."—Adrian Mouat

Welcome friends to The Modern .NET Show; the premier .NET podcast, focussing entirely on the knowledge, tools, and frameworks that all .NET developers should have in their toolbox. We are the go-to podcast for .NET developers worldwide, and I am your host: Jamie "GaProgMan" Taylor.

In this episode, Adrian Mouat joined us to talk about Chainguard, what a distroless container is, a number of tools that you can use to check whether your containers have any CVEs present, attestations and reproducibility, and a number of ways to secure your applications once they are running in the wild.

"Yeah, I like your point there about showing your receipts. So in attestations, you can also say things like, you know, “we did do this on this image.” You can create an attestation that says, “hey, I ran a scanner on this image and I had this output at this time.” And because it’s all signed, you know that that did happen, if you like. Yeah, and also like, you know, you could have an attestation that said, “I ran these tests on this image at this time and this was the output,” sort of thing. So it’s sort of proving that certain steps were taken."— Adrian Mouat

Anyway, without further ado, let's sit back, open up a terminal, type in `dotnet new podcast` and we'll dive into the core of Modern .NET.

Supporting the Show

If you find this episode useful in any way, please consider supporting the show by either leaving a review (check our review page for ways to do that), sharing the episode with a friend or colleague, buying the host a coffee, or considering becoming a Patron of the show.

Full Show Notes

The full show notes, including links to some of the things we discussed and a full transcription of this episode, can be found at: https://dotnetcore.show/season-7/chainguard-and-securing-your-containers-with-adrian-mouat/

Useful Links

Supporting the show:

Remember to rate and review the show on Apple Podcasts, Podchaser, or wherever you find your podcasts, this will help the show's audience grow. Or you can just share the show with a friend.

And don't forget to reach out via our Contact page. We're very interested in your opinion of the show, so please get in touch.

You can support the show by making a monthly donation on the show's Patreon page at: https://www.patreon.com/TheDotNetCorePodcast.