KubeCon + CloudNativeCon North America 2020 Virtual

By accessing this sponsored session, the third party sponsor will receive some of your registration data. This data includes your First Name, Last Name, Title, Company, Address, Email, Standard Demographics Questions (I.e. Company Size, Job Function, Industry), and details about the sponsored content you interacted with. If you choose to access sponsored sessions, you are explicitly consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies.

This is an on-demand session and will be available for the duration of the event.


A vulnerability scanner for containers doesn’t help a user decide how to handle vulnerabilities. For example, even if a critical vulnerability is found, some organizations may accept the risk of it. The policy for vulnerability handling depends on the organization, and in many cases, the person in charge has to make a manual judgement based on this policy every time. This is time-consuming.

This talk demonstrates how to automatically handle vulnerabilities detected by a scanner using OPA.
- The vulnerabilities found by a scanner in CI are handled automatically by Open Policy Agent
- Applying custom policy, OPA shows users which vulnerabilities to address

This automatic vulnerability handling in CI will be demonstrated live, along with Trivy, which is an open source vulnerability scanner for containers. The same policy handling model could be used with any scanner.