Beyond SBOMs: The Future of Container Supply Chain Security
A breach story, the limits of SBOM-only controls, and a path to verifiable builds through attestations, provenance, and signing.
Get the JRush Episode 7 recording, materials, and container security checklist. Three engineers walk through signed pipelines and attestations, reproducible Java image builds with Paketo Buildpacks, and a CVE response workflow that helps teams act without chasing scanner noise.
What are the talks about?
A breach story, the limits of SBOM-only controls, and a path to verifiable builds through attestations, provenance, and signing.
How buildpacks work under the hood, what Spring Boot does with them, and where they beat hand-maintained Dockerfiles.
A practical model for hardened images, SBOMs, provenance, CVE classification, and safe updates without chasing scanner noise.
What you will learn
Episode 7 focuses on the security decisions Java teams face after the scan: how artifacts are signed, how images are built, and how CVEs are triaged without slowing delivery.
See where current controls fall short and how attestations, provenance, and signing create a verifiable build path that security and platform teams can trust during reviews.
Understand where Paketo Buildpacks fit, how Spring Boot integration works, how layers are produced, and when buildpacks are the better path than hand-maintained Dockerfiles.
Get a repeatable response model for hardened base images, CVE classification, safe updates, SBOMs, and provenance so scanner output turns into decisions instead of noise.
Headliners
Docker Captain · Snyk Ambassador · Author of Docker and Kubernetes Security
Mohammad-Ali wrote Docker and Kubernetes Security and has spent years building, breaking, and securing containerized systems. His session connects a real supply-chain attack with the controls teams need next: attestations, provenance, and signing.
@MohammadAliEN
Paketo Java Buildpacks Maintainer · Software Developer, HeroDevs · Lead, Montreal Java User Group
Anthony is one of the people who builds and maintains the Paketo Java buildpacks. He works across Java, containers, CI/CD, and build tooling, and shows how buildpacks can replace fragile Dockerfile maintenance with a more consistent image-building workflow.
@anthonydahanne
Developer Advocate, BellSoft · Co-host, CyberJAR
Catherine helps teams ship secure, performant cloud-native Java using OpenJDK capabilities and open-source tools. Her talk turns scanner output into a practical workflow: hardened images, SBOMs, provenance, CVE classification, and safe updates.
@cat_edelveis
Free Java web conference
JRush is a free BellSoft series with expert talks, recordings, and technical materials for teams building, running, and securing Java applications. Episode 7 focuses on container supply chain security, from signed artifacts to buildpacks and CVE response.
FAQ
Submit the form once to get the Episode 7 recording, materials, and checklist in your inbox.
JRush is a free online series about Java development, cloud-native engineering, security, and practical tools for modern Java teams.
Yes. Submit the form and the autoresponder will send you the recording link, related materials, and the container security checklist for Episode 7.
It is built for Java developers, DevOps engineers, platform teams, application security engineers, and technical leads responsible for secure Java container delivery.
You will receive access to the Episode 7 replay and materials covering signed artifacts, Paketo Buildpacks, hardened Java container images, CVE response, and the container security checklist.
Final call
Recording, checklist, links, and practical takeaways from JRush Episode 7 straight to your inbox.