Reducing Alert Fatigue With Container Scans: Correlate, Prioritize, and Filter Based on Usage

With Speakers: Teja Myneedu, Director—Product Security, Engineering & Research, Navan; Kiran Kamity, Founder & CEO, Deepfactor

Scenario: Your application is composed of 12 Docker containers. Together they contain 400 packages. When you run a container scan with an SCA (Software Composition Analysis) tool, you notice that 120 of them have vulnerabilities. Your security team is asking you to fix all the critical and high vulnerabilities, but your dev/DevOps team doesn’t have the cycles. What do you do?

Today, developers and DevOps engineers are being asked to address vulnerabilities and supply chain risks in container images. However, the volume of noisy security alerts often leads to developers ignoring them entirely or wasting valuable sprint time researching “false positives.”

In this session, Teja Myneedu, Director—Product Security, Engineering & Research at Navan, and Kiran Kamity, founder and CEO at Deepfactor, focus on how security and engineering teams can correlate vulnerabilities with runtime information, prioritize alerts based on usage, and filter out false positives that don’t represent a true exposure of a vulnerability. Prioritizing security updates to only the packages that are actually used in your container image is a highly effective approach to reducing alert fatigue from container scans. In addition, your DevOps team can consider removing some of the unused packages and shrinking your container images.

As an example, the session includes a demonstration of a typical SCA static container scan of a sample open-source test application and then shows how an engineering team can filter the alerts down to packages that are both vulnerable and in use, the ones developers actually need to fix, reducing the alert count by up to 90%.
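The correlate-then-prioritize step described above, written out as an added example (not the speakers' or Deepfactor's code): SCA findings are joined with a per-image list of packages observed in use at runtime, only used findings at or above a severity cutoff are kept, and unused vulnerable packages are listed as removal candidates. The finding fields, the image names and the runtime data are constructed for illustration.

```python
"""Correlate SCA findings with runtime package usage to cut alert volume.

Added example; field names and sample data are constructed, not a real tool's output.
"""
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

# Constructed SCA output: one finding per (image, package, vulnerability id).
SCA_FINDINGS = [
    {"image": "api", "package": "openssl", "id": "VULN-A", "severity": "critical"},
    {"image": "api", "package": "curl", "id": "VULN-B", "severity": "high"},
    {"image": "api", "package": "perl", "id": "VULN-C", "severity": "high"},
    {"image": "worker", "package": "libxml2", "id": "VULN-D", "severity": "critical"},
    {"image": "worker", "package": "gcc", "id": "VULN-E", "severity": "medium"},
]

# Constructed runtime observation: packages whose files were loaded or executed per image.
RUNTIME_USED = {"api": {"openssl", "curl"}, "worker": {"libxml2"}}


def correlate(findings, used_by_image):
    """Tag each finding with whether its package was observed in use at runtime."""
    return [dict(f, used=f["package"] in used_by_image.get(f["image"], set()))
            for f in findings]


def prioritize(correlated, min_severity="high"):
    """Keep findings that are used at runtime and at or above min_severity, most severe first."""
    cutoff = SEVERITY_RANK[min_severity]
    keep = [f for f in correlated if f["used"] and SEVERITY_RANK[f["severity"]] <= cutoff]
    return sorted(keep, key=lambda f: (SEVERITY_RANK[f["severity"]], f["image"], f["package"]))


def removal_candidates(correlated):
    """Vulnerable packages never observed in use: candidates for removal from the image."""
    return sorted({(f["image"], f["package"]) for f in correlated if not f["used"]})


def reduction_pct(before, after):
    """Percentage of alerts eliminated by the usage filter."""
    return round(100 * (1 - after / before), 1) if before else 0.0


if __name__ == "__main__":
    corr = correlate(SCA_FINDINGS, RUNTIME_USED)
    actionable = prioritize(corr)
    for f in actionable:
        print(f"{f['severity']:8} {f['image']}/{f['package']} {f['id']}")
    print("removal candidates:", removal_candidates(corr))
    print(f"alerts reduced by {reduction_pct(len(SCA_FINDINGS), len(actionable))}%")
```

On the constructed data the filter drops two of five findings; the reduction on a real image depends entirely on how much of the installed package set the workload actually exercises.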

Alert Fatigue

Guest speaker:

Teja Myneedu, Director—Product Security, Engineering & Research, Navan (formerly TripActions): Teja Myneedu is Director—Product Security, Engineering & Research, Navan. Previously, Teja led the product security team at Splunk and created the Tooling and Automation function. He has over 12 years of experience leading product security and cloud/infrastructure security at various tech and non-tech companies both large and small. Teja started his career on the offensive side and transitioned to security engineering, helping software development teams build secure software. He is passionate about mentoring and helping people grow in their security careers and co-founded the Security Mentor Club. Teja also advises security and tech startups.