Cloud native applications are typically made up of a small core of homegrown code, along with a lot of open source modules. Vulnerabilities in modules across most languages are increasing, and so scanning that code for security vulnerabilities is a critical piece of the security jigsaw. This is straightforward in interpreted languages since the module information is shipped with our application, but in compiled languages like Go it’s not as straightforward. At Snyk we recently introduced the ability to automatically detect and scan included modules from Go binaries within your containers, and in this talk we’ll deep dive into the details of how we got there – from automatically detecting Go binaries inside your container images, to breaking apart the binary format and extracting the header information, and implementing this all functionality in our Node based command line client. If the internals of Go binaries are your thing, then this is the talk for you!
Detecting Module Vulnerabilities from Go Binaries
About Agata Krajewska
Agata is a Software Engineer in Container group in Snyk. Agata has spent the last year working on runtime security, solving problems around image scanning architectures and platforms. Whenever there’s a chance, she enjoys writing low level and embedded software code. Besides coding, Agata also teaches yoga and visits all the best food spots in East London.
About Daniel Kontorovskyi
Daniel Kontorovskyi is a Software Engineer at Snyk, and has spent most of the last 5 years building SAAS products in the security space. Most recently Daniel has been focused on the emerging need for security within cloud native applications and at runtime.