COSCUP 2026 - Conference for Open Source Coders, Users, and Promoters

Parth Goswami

Parth Goswami is an open source enthusiast and mostly works with containers and networking. He loves contributing to open source by hosting meetups and interacting with the community.


Beiträge

08.08
11:00
30min
YAML is the New Dockerfile: Building AI Agent Systems with Docker cagent
Hrittik Roy, Parth Goswami

The industry is rapidly moving from single LLM applications toward systems composed of multiple agents, tools, memory layers, and workflows. But most discussions around AI agents focus heavily on frameworks and demos, while avoiding the larger systems question:

What does agent infrastructure actually look like?

This talk takes a cloud native and systems-oriented view of AI agents. We’ll explore how ideas from distributed systems, containers, orchestration, and platform engineering are beginning to shape the next generation of AI tooling.

Topics include:

  • Why AI agents resemble distributed systems more than chatbots
  • The emerging role of protocols like MCP
  • Declarative workflows versus imperative orchestration
  • Reproducibility and portability challenges in AI systems
  • Why infrastructure concepts like OCI artifacts and YAML workflows are reappearing in AI tooling

Using Docker cagent as a concrete example rather than the centerpiece, we’ll examine how modern agent runtimes are evolving toward infrastructure-style abstractions.

Open LLM Tech: Core Technologies
TR212
08.08
16:00
30min
Your Container Images Are a Liability: The Supply Chain Debt Nobody Is Paying Down
Hrittik Roy, Parth Goswami

Every container you deploy carries debt you didn't write. The average base image ships with 200-400 packages your application never calls, each one a potential CVE, each one expanding the blast radius of a breach. Teams run Trivy or Grype, get a wall of 400 alerts, patch the criticals, suppress the rest, and ship. The scan-patch-suppress cycle creates an illusion of security hygiene while the actual attack surface stays enormous.

The good news: the ecosystem is finally pushing back. Google's distroless project has been around for years, Chainguard built a business on minimal images, and Docker Hardened Images went fully open source under Apache 2.0 in late 2025, putting 1,000+ minimal, SBOM-signed images one pull away from every developer. Yet most teams still default to node:latest.

This talk dissects why container supply chain debt accumulates and what a different default looks like. Through live audits comparing standard, slim, distroless, and hardened base images for the same application, we'll examine size, CVE counts, and actual runtime dependencies. You'll leave with practical patterns: multi-stage builds done right, automated base image rebuild pipelines, and policy-as-code for image provenance, so minimal becomes the default without slowing teams down.

Open Source Policy
TR209