Zero-CVE Containers? Distroless & Hardened Images | Into the Terminal 188

What is a distroless container image? Or a Hardened image? And what's with this "zero-cve" craze? If you want to learn about Red Hat's Hardened container images, you wont want to miss this episode. We're working through what these images are, and maybe a bit of what they aren't, how they compare to other container images, and even how you might use them. Join us to learn everything you need to know to get started with these free and open, lightweight, container images. - - - - Critical Administration Skills for Red Hat Enterprise Linux: Whether you are new to Linux or new to RHEL, join our hosts for a hands-on look into the commands and processes, ask questions, and grow your knowledge. Get Started with Red Hat Enterprise Linux: https://developers.redhat.com/register Try it for yourself: https://redhat.com/interactive-labs Join our Discord: https://red.ht/rhel-discord Nate Lager: https://social.undrground.org/@gangrif Scott McBrien:   / scott-mcbrien-349b356   00:00 – Welcome to Into the Terminal: Hardened Images Introduction 01:03 – What are Red Hat Hardened Images? (The Zero CVE Mindset) 02:58 – Comparative Scan: Hardened Image vs. UBI (Standard Base Image) 04:35 – Defining the Zero CVE State as a Design Goal 07:01 – Footprint Comparison: Package Counts and Image Size 09:22 – How Hardened Images Differ from UBI (Upstream Engineering Path) 11:47 – Exploring the Red Hat Hardened Image Catalog 14:31 – Automation and the Delivery Pipeline for Security Fixes 18:02 – Understanding Streams, Variants, and Life Cycles 19:32 – Distroless (Shell-less) Containers for Enhanced Security 20:53 – FIPS Variance and Developing for Secure Targets 22:24 – Transparency in CVE Reporting within the Catalog 25:21 – Catalog Statistics: Current Images and Utility Containers (curl, jq) 28:25 – Demo: Building an Application with a Hardened Image 28:57 – Troubleshooting: Why the Standard Run Command Fails in Shell-less Images 31:28 – Multi-stage Builds: The Best Practice for Hardened Images 34:16 – Default Non-root Users and Writable Paths 36:05 – How Podman Handles Multi-stage Builds 40:30 – Running Utilities (curl) as a Containerized Service 44:20 – Licensing and Support: Using Hardened Images for Free 48:05 – Summary: Embracing a Different Security Mindset