Beyond the Scanner: What It Really Takes to Secure Containers


Details
Agenda:
6:00 - 6:15pm: Introduction
6:15 - 7:00pm: John Craft - Beyond the Scanner: What It Really Takes to Secure Containers
7:15 - 8:00pm: Networking
Summary of the talk:
Container security isn’t just about running a scanner and fixing CVEs. With SBOMs, VEX statements, and evolving supply chain risks, the real challenge is knowing when a container is truly secure. This talk explores the limits of today’s scanners, how to use SBOMs and VEX effectively, and practical steps for building and deploying secure images. Attendees will leave with a clear framework for moving beyond “passing scans” to genuine container security.
Speaker bio:
John is a Solutions Engineer at Docker, where he helps organizations streamline and secure their software delivery pipelines. Prior to Docker, he co-founded Privacy Dynamics, a Seattle-based startup focused on simplifying data privacy and compliance. With a career rooted in building SaaS products, John has extensive experience scaling engineering teams and bringing complex technologies to market.
