2026年8月8日 –, AU
AI has had an interesting side effect: it has shifted security from something often treated as an afterthought into a proactive, first-class concern in modern software development. With LLMs, scanning and identifying attack vectors is no longer limited to the codebase; it now extends across transitive dependencies, third-party packages, and entire distributions, resulting in a steady stream of newly uncovered critical CVEs.
Containers sit at the core of modern service deployments. Securing them is critical, and one of the most effective ways to strengthen security is to reduce the attack surface by stripping away everything that isn't essential.
The challenge is doing that in a reliable, efficient and repeatable way.
Luckily, there's a tool built for exactly this: Rocks.
It's an OCI-compliant image builder that lets you chisel away unnecessary packages and dependencies, helping you sculpt a lean, purpose-built container image, much like Michelangelo revealing a masterpiece from a block of "rock".
(pun intended)
More info: https://events.canonical.com/event/146/contributions/944/
Tushar Gupta is a Prof 1 at Canonical, where he works on the Launchpad team, building the infrastructure that powers Ubuntu. Passionate about open-source, he loves to spend time on OSS projects and has worked on p5py (Processing for Python), Flagsmith (feature flag management), and Sarthi (Docker-based preview environments). He is also an alumnus of the MLH Fellowship, Processing Summer Fellowship, and the GitHub Campus Experts program.