Overview
This conference talk looks at open source software security beyond traditional vulnerability scanning and examines the risks that remain in a container image with zero CVEs. An open source project can still be a liability: a governance structure open to hostile takeover, a licence with legal pitfalls, end-of-life status with no maintenance path, documentation so thin that the code must be read to understand it, testing too weak to catch scalability bugs, and an insecure release process that exposes the supply chain. The talk surveys emerging tools and methodologies from CNCF projects and Linux Foundation initiatives that build on OpenSSF's Security Scorecards, the SLSA framework, the OpenSSF Security Baseline, and the updated 2025 TAG Security guidance on supply chain security to surface the metadata needed for safer adoption decisions. The aim is to replace paralysing uncertainty about open source components with a new generation of tools that give transparency into trust, maintainability, and overall security posture.
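One concrete way to turn the risk categories above into an adoption decision is to gate on OpenSSF Scorecard output rather than on CVE counts alone. The script below is an added example, not code from the talk, from ControlPlane, or from CNCF. It assumes the JSON shape produced by `scorecard --repo=<url> --format=json` (a top-level `checks` list of objects with `name`, `score` and `reason`); the mapping from the talk's risk categories to Scorecard checks and the minimum scores are this example's own choices, and the sample report is constructed, not a real scan result.

```python
"""Policy gate over OpenSSF Scorecard JSON output.

Added example, not code from the talk or from CNCF/ControlPlane. Assumes
the JSON shape of `scorecard --format=json` (top-level "checks" list of
{"name", "score", "reason"}). The category-to-check mapping and the
thresholds are illustrative choices of this example, not a standard.
"""
import json

# Constructed Scorecard-style report for a fictional repository.
SAMPLE_REPORT = json.dumps({
    "date": "2025-01-01",
    "repo": {"name": "github.com/example/project", "commit": "deadbeef"},
    "score": 6.1,
    "checks": [
        {"name": "Maintained",        "score": 2,  "reason": "1 commit out of 30 in the last 90 days"},
        {"name": "License",           "score": 10, "reason": "license file detected"},
        {"name": "CI-Tests",          "score": 0,  "reason": "no pull requests merged with CI tests"},
        {"name": "Signed-Releases",   "score": -1, "reason": "no releases found"},
        {"name": "Code-Review",       "score": 8,  "reason": "most changes reviewed"},
        {"name": "Branch-Protection", "score": 5,  "reason": "branch protection partially enabled"},
        {"name": "Security-Policy",   "score": 10, "reason": "security policy file detected"},
    ],
})

# Risk category named in the talk -> (Scorecard checks, minimum score 0..10).
# Assumption of this example: both the mapping and the thresholds are
# illustrative; tune them to your own risk appetite.
POLICY = {
    "governance":      (["Code-Review", "Branch-Protection"], 5),
    "licensing":       (["License"], 10),
    "maintenance/EOL": (["Maintained"], 5),
    "testing":         (["CI-Tests"], 5),
    "release process": (["Signed-Releases"], 8),
    "documentation":   (["Security-Policy"], 5),
}


def evaluate(report_json: str, policy=POLICY) -> dict:
    """Return {category: [failure strings]}; an empty list means the category passed.

    Scorecard reports -1 when a check could not run (for example no releases
    exist yet). That is treated as a failure: an unknown is not evidence of
    safety. A check absent from the report is also reported, so a truncated
    or partial scan cannot silently pass the gate.
    """
    report = json.loads(report_json)
    scores = {c["name"]: c["score"] for c in report.get("checks", [])}
    findings = {}
    for category, (checks, minimum) in policy.items():
        failures = []
        for check in checks:
            if check not in scores:
                failures.append(f"{check}: not present in report")
            elif scores[check] < 0:
                failures.append(f"{check}: check could not run")
            elif scores[check] < minimum:
                failures.append(f"{check}: {scores[check]} < {minimum}")
        findings[category] = failures
    return findings


def adoption_decision(findings: dict) -> str:
    """Reject if any category has at least one failure, otherwise accept."""
    return "reject" if any(failures for failures in findings.values()) else "accept"


if __name__ == "__main__":
    result = evaluate(SAMPLE_REPORT)
    for category, failures in result.items():
        status = "FAIL" if failures else "ok"
        print(f"{category:16s} {status}  {'; '.join(failures)}")
    print("decision:", adoption_decision(result))
```

For the constructed report the gate rejects the component on three grounds at once: it is barely maintained, it has no CI-tested merges, and its releases cannot be verified as signed because none exist. None of those would appear in a CVE scan of the resulting image, which is the point the talk makes.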
Syllabus
Safely Sourcing OSS - Beyond 0 CVEs - John Kjell, ControlPlane
Taught by
CNCF [Cloud Native Computing Foundation]