DevSecCon Germany – May

Discovery of Notary v2 & Securing Docker Images – the tech behind “docker scan”

Questions? Join the conversation on Slack

Talk 1 | Securing Docker Images – the technology behind “docker scan”

Using the “docker” command is an everyday occurrence for many of us these days. After a recent update it is now possible to “scan” newly built docker images for security vulnerabilities. This talk will present what this means, how it works and what technology is used to provide the service. We will first show what happens when a container image is scanned and then how the scan result is analysed and processed. We will also discuss the challenges involved with developing and supporting such a feature in partnership with Docker, Inc.

Matthias Ladkau DevSecCOn

Speaker: Dr. Matthias Ladkau
Matthias is an open-source enthusiast and engineering manager at Snyk. Coming originally from a computer science research background he is an engineer at heart who cares deeply about the people around him and making the life of every software developer a little more secure. Offline, Matthias plays the cello and likes to be out and about with family and friends.

Talk 2 | Discovery of Notary v2 the evolution of your container security toolchain

The notary project is the cornerstone of the container security toolchain, used in many OCI registries and Docker engine to sign and validate your docker images. The first version of Notary based on the TUF framework had some bottlenecks as an example: Notary v1 didn’t allow signatures to move with the images, they were tightly bound to a single registry.
A complete re-design has been started and we now have the second prototype available to play with.
Throughout this talk, I aim to give you an overview of the Notary v2 project as well as a quick demo of the prototype made by the community behind the project.
Speaker: Rachid Zarouali Cloud Architect Freelance / sevensphereRachid Zarouali is a Microsoft MVP and Docker Captain, international speaker and trainerIn his previous roles as head of the infrastructure team for the French registry and C.I.O of a worldwide recognized CRM and E-COMMERCE agency,
he recognized the need to bring the latest technology at a production level to businesses of all sizes and founded SevenSphere.
Through SevenSphere, Rachid offers training and consultancy for companies striving to dive into microservices container-based infrastructure.
Husband and father, Rachid spend his spare time, participating in a number of OSS communities, teaching cloud computing architecture at a software engineering school.
  • 00


  • 00


  • 00


  • 00


Book Event

DevSecCon Germany - May 2021

Stranger Danger: lunch & learn with DevSecCon Germany

Available Tickets: Unlimited
The DevSecCon Germany - May 2021 ticket is sold out. You can try another ticket or another date.


May 20 2021


11:00 am - 12:30 pm

Local Time

  • Timezone: America/New_York
  • Date: May 20 2021
  • Time: 7:00 am - 8:30 am


Virtual Event
QR Code
Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.