Containers
Container Images That Survive Audits
Multi-stage builds, SBOM exports, and distroless pivots taught as a narrative from dev laptops to CI runners.
- Format
- Guided labs + code reviews
- Duration
- 5 weeks · async + 3 live critiques
- Tuition (informational)
- KRW 1,240,000
- Mentor
- Rina Cho
Program narrative
We chase image size, provenance, and runtime defaults together. Labs include signing with cosign, scanning in CI, and rollback choreography when a digest pin fails. Incident retrospectives from past cohorts are anonymized and threaded through the readings.
What is included
- BuildKit cache mounts tuned for GitHub Actions equivalents
- Policy-as-code gate examples for admission controllers
- SBOM diff lab comparing two release candidates
- Runtime profile comparisons: gVisor vs default runc
- Supply-chain tabletop with mentor prompts
- Layer hygiene workshop with dive integration
- Release checklist co-authored with release mentors
Outcomes you can show
- Publish a signed image pipeline diagram your org can adopt
- Automate digest promotion with guarded canaries
- Run a blameless retro on a simulated bad deploy
Rina Cho
Cloud lab engineer focused on image hardening for regulated workloads.
Cohort FAQ
Accordion stays compact—one limitation answer is baked into each course.
We standardize on Harbor-compatible APIs; you may mirror exercises to ECR/GCR with mentor guidance.
Admission examples touch Kubernetes, but cluster internals belong to the dedicated Kubernetes cohort.
We do not supply enterprise contracts for scanners—use open-source tiers or your existing vendor trial.
Experience notes
SBOM diff lab mirrored what our release mentors asked for—finally a shared vocabulary between dev and ops.
Aya, Gwangju · SaaS operations group · Google
Policy-as-code gate was dense; mentor office hours untangled my OPA bundle.
Devin · Platform engineer · 5/5
Client in SaaS operations: appreciated the blameless retro prompts even if the role-play felt awkward at first.
Anonymous learner