DOP 239: What's in Your From Line? a Conversation With Chainguard
Posted on Wednesday, Nov 29, 2023
Show Notes
#239: In this episode, Ville Aikas and Matt Moore from Chainguard join us for a discussion about open-source projects, distroless containers, and software security.
They share their stories about the creation and progress of ChainGuard, offering insights into the way the company operates and contributes to the open-source community.
They also delve into the value of improving the signal-to-noise ratio of vulnerability scanners and how this can aid in addressing software security problems. They also explain their commitment to the APK format and its advantages, as well as the significance of Wolfi, their ‘(un)distro’, in maintaining vulnerability-free software environments.
Guests
Matt Moore
Matt is a long-time leader in the container tools space. He led the creation of Google’s Container Registry, and Uber TL’d Google’s container tools efforts for several years. As Uber TL, Matt created or helped shape dozens of popular projects including Google’s distroless project, kaniko, Jib, and ko as well as the popular Go container registry library, which powers projects like Buildpacks.io and Sigstore’s cosign. With Ville Aikas, Matt started the Knative project (and its spin-off Tekton).
Ville Aikas
Ville has been working on Cloud Services and Cloud Native technologies for well over a decade. While at Google, Ville led the creation and development of Google Cloud Storage as well as various other GCP services. Ville has also worked on many OSS projects including Kubernetes (first engineer on the project), Helm, and Kubernetes Service Catalog (where he met Scott). With Matt Moore, Ville started the Knative project and is currently on the Steering Committee for Knative.
Hosts
Viktor Farcic
Viktor Farcic is a member of the Google Developer Experts and Docker Captains groups, and published author.
His big passions are DevOps, Containers, Kubernetes, Microservices, Continuous Integration, Delivery and Deployment (CI/CD) and Test-Driven Development (TDD).
He often speaks at community gatherings and conferences (latest can be found here).
He has published The DevOps Toolkit Series, DevOps Paradox and Test-Driven Java Development.
His random thoughts and tutorials can be found in his blog TechnologyConversations.com.
Links
Rate, Review, & Subscribe on Apple Podcasts
If you like our podcast, please consider rating and reviewing our show! Click here, scroll to the bottom, tap to rate with five stars, and select “Write a Review.” Then be sure to let us know what you liked most about the episode!
Also, if you haven’t done so already, subscribe to the podcast. We're adding a bunch of bonus episodes to the feed and, if you’re not subscribed, there’s a good chance you’ll miss out. Subscribe now!