Jan Černý
Jan Černý works on the RHEL Security Compliance Team at Red Hat and contributes to the OpenSCAP and ComplianceAsCode projects.
Red Hat
Job title: Senior Software Engineer
Session
Are you managing systems that need to comply with STIG, PCI-DSS or other security policies? Learn how to simplify your work with bootable containers and OpenSCAP.
Bootable containers bring many benefits for security compliance. Workflows based on Containerfiles centralize and simplify security hardening. Immutability helps the system stay compliant. Automated atomic upgrades ensure systems are always in line with the latest version of the security policy. Security hardening can be integrated into CI/CD pipelines.
In this talk, we will demonstrate how to easily build a hardened bootable container image and deploy a system that is compliant with a security policy from its first boot. We will describe how compliance tools are integrated into the container build workflow, and we will discuss the caveats of hardening bootable container images.