Beyond SBOMs: The Future of Container Supply Chain Security
A breach story, the limits of SBOM-only controls, and a path to verifiable builds through attestations, provenance, and signing.
Not a slide deck. Three engineers working hands-on with Docker Scout, Cosign, Paketo Buildpacks, and Java container hardening walk you through signed pipelines and attestations, reproducible Java image builds, and a CVE response workflow that doesn't slow your team down. Live demos. Real code. Free.
A free JRush session on signed pipelines, reproducible Java image builds, and a CVE response workflow your team can actually use.
🎁 Get the container security checklist when you register.
Free checklist included
Register once to get the container security checklist, the live broadcast link before JRush, and the recording after the event.
Topics
A breach story, the limits of SBOM-only controls, and a path to verifiable builds through attestations, provenance, and signing.
How buildpacks work under the hood, what Spring Boot does with them, and where they beat hand-maintained Dockerfiles.
A practical model for hardened images, SBOMs, provenance, CVE classification, and safe updates without chasing scanner noise.
What you will walk away with
Three demo-backed answers to the container security problems your team has right now.
See where current controls fall short and how attestations, provenance, and signing create a verifiable build path.
Understand where Paketo Buildpacks fit, how Spring Boot integration works, and when buildpacks are the better path.
Get a repeatable response model for hardened base images, CVE classification, safe updates, SBOMs, and provenance.
Headliners
Docker Captain · Snyk Ambassador · Author of Docker and Kubernetes Security
Mohammad-Ali literally wrote the book on Docker and Kubernetes security and has spent years building, breaking, and securing containerized systems. His session connects a real supply-chain attack with the controls teams need next: attestations, provenance, and signing.
Paketo Java Buildpacks Maintainer · Software Developer, HeroDevs · Lead, Montreal Java User Group
Anthony is one of the people who actually builds and maintains the Paketo Java buildpacks. He works across Java, containers, CI/CD, and build tooling, and will show how buildpacks can replace fragile Dockerfile maintenance with a more consistent image-building workflow.
Developer Advocate, BellSoft · Co-host, CyberJAR
Catherine helps teams ship secure, performant cloud-native Java using OpenJDK capabilities and open-source tools. Her talk turns scanner output into a practical workflow: hardened images, SBOMs, provenance, CVE classification, and safe updates.
Web conference series
JRush gives Java teams compact expert talks, live discussion, recording, and materials they can return to after the event.
Focused live context. Reusable after the event.
Free checklist
Register for JRush and get a quick self-check for runtime hardening, CVE hygiene, SBOMs, image signing, and base image security.
Checklist arrives right after registration. The broadcast link will come before JRush, and the recording after the event.
FAQ
Register to get the broadcast link before JRush. The recording will arrive after the event.
A series of free online seminars on Java development, cloud-native engineering, security, and the tools shaping the Java ecosystem.
Yes. The event is free to attend. Register to receive the broadcast link and recording.
Yes. The program is built around practical demos, real tooling, and workflows that Java teams can adapt after the event.
No. The talks are useful for Java developers, DevOps engineers, platform teams, architects, and anyone responsible for shipping secure Java containers.
Yes. Registered attendees receive the recording after the conference ends.
Save your spot
Get the checklist, join the live session, and walk away with a clearer way to review your Java container pipeline.