DevOps Q&A
Why It Matters
Adopting these practices reduces container supply-chain risk, helps on-prem Kubernetes engineers move into cloud roles, and keeps infrastructure from depending on deprecated APIs.
Key Takeaways
- Use Chainguard, Bitnami, or Docker Hub's hardened (secured) images as the base for hardened containers.
- Windows container scanning is poorly covered by open-source scanners; enterprise tools such as Prisma Cloud support it.
- Leverage deep on-prem Kubernetes experience to break into AWS roles.
- Adopt the standard Gateway API; stop building on the legacy Ingress resource and the controller-specific CRDs that extend it.
- Sign images by digest (sha256), never by tag, using keyless OIDC signing with cosign.
Summary
The live DevOps Q&A covered a wide range of topics, from securing container images and scanning Windows‑based containers to career advice for cloud engineers and best practices for CI/CD pipelines.
The panel highlighted three primary sources for hardened Docker images, Chainguard, Bitnami, and Docker Hub's secured images, and weighed the cost trade-offs and STIG compliance of each. For Windows containers, most open-source scanners fall short; enterprise solutions such as Prisma Cloud and CyCognito were named as providing the needed coverage. Participants also advised leveraging deep on-prem Kubernetes expertise to position oneself for AWS roles, and urged teams to move from the legacy Ingress resource and its controller-specific CRDs to the standards-based Gateway API.
Key quotes included: "Chainguard is best from a security perspective," "Prisma Cloud supports Windows scanning," and "Always sign the SHA, not the tag, using keyless OIDC with cosign." The discussion also contrasted Jenkins' extensive capabilities with integrated CI/CD tools such as GitLab, GitHub Actions, and CircleCI, noting that simplicity wins when requirements are modest.
The implications are clear: organizations must adopt vetted hardened images, invest in proper Windows-container scanning, modernize legacy workloads, standardize on the Gateway API, and embed digest-pinned, keyless signing into their pipelines to safeguard the software supply chain. Signing a tag is not enough because a tag is mutable: whoever can push to the repository can point it at a different image after the signature was made, whereas a digest identifies exactly one image manifest.
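The following script is an added example, not code from the Q&A panel or from any project it mentions, showing the "sign the digest, not the tag, with keyless OIDC cosign" flow in a CI job: resolve the tag to its digest, refuse to sign anything that is not digest-pinned, sign keyless, then verify against the expected signer identity. The image name, the GitHub Actions workflow identity, and the sha256 digest are assumptions constructed for the example; `crane digest` and the `cosign sign`/`cosign verify` flags are real tool invocations (cosign v2).

```bash
#!/usr/bin/env bash
# Added example (not from the Q&A): keyless cosign signing by digest.
# Assumed/constructed values: IMAGE, SIGNER_IDENTITY, EXAMPLE_DIGEST.
set -eu

IMAGE="ghcr.io/acme/app:1.2.3"                     # hypothetical tag reference
OIDC_ISSUER="https://token.actions.githubusercontent.com"
# GitHub Actions keyless identity: the workflow file plus the git ref that ran it.
SIGNER_IDENTITY="https://github.com/acme/app/.github/workflows/release.yml@refs/tags/v1.2.3"
# Constructed digest used only for the offline checks below.
EXAMPLE_DIGEST="sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"

# Succeed (exit 0) only for a reference pinned as name@sha256:<64 hex chars>.
ref_is_digest_pinned() {
  printf '%s\n' "$1" | grep -Eq '^[^@]+@sha256:[0-9a-f]{64}$'
}

# Strip any :tag or @digest from a reference, leaving the repository path.
# Handles registries with ports (host:5000/team/app:v2) by only looking at
# the last path component.
strip_tag() {
  ref="$1"
  path="${ref##*/}"          # last component, e.g. app:1.2.3 or app@sha256:...
  prefix="${ref%"$path"}"    # everything before it, e.g. ghcr.io/acme/
  path="${path%%@*}"         # drop @digest if present
  printf '%s%s\n' "$prefix" "${path%%:*}"   # drop :tag if present
}

# Build the immutable reference: repository path + @ + digest.
digest_ref() {
  printf '%s@%s\n' "$(strip_tag "$1")" "$2"
}

# Keyless signing: no --key means cosign obtains a short-lived certificate
# from Fulcio using the CI job's OIDC token (e.g. GitHub Actions with
# permissions: id-token: write) and records the signature in Rekor.
# Refuses to sign a mutable tag reference.
sign_by_digest() {
  ref_is_digest_pinned "$1" || {
    echo "refusing to sign mutable tag reference: $1" >&2
    return 1
  }
  cosign sign --yes "$1"
}

# Verification must pin both the signer identity and the OIDC issuer;
# without them any Sigstore-signed image would pass.
verify_keyless() {
  cosign verify \
    --certificate-identity "$2" \
    --certificate-oidc-issuer "$3" \
    "$1" >/dev/null
}

# Run the real flow only when the tools are present (CI), so the script
# still loads and its helpers can be exercised offline.
if command -v cosign >/dev/null 2>&1 && command -v crane >/dev/null 2>&1; then
  pinned="$(digest_ref "$IMAGE" "$(crane digest "$IMAGE")")"
  sign_by_digest "$pinned"
  verify_keyless "$pinned" "$SIGNER_IDENTITY" "$OIDC_ISSUER"
  echo "signed and verified $pinned"
fi
```

The admission side should consume the same digest: deploy manifests pinned to `repo@sha256:...` and have the policy controller verify with the same identity and issuer, so a re-pushed tag can neither be signed by accident nor admitted.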