Security isn’t just about prevention—it’s also about investigation. This talk dives into the forensic side of container security. We’ll explore how to analyze container images using Syft (SBOM generation), Grype (vulnerability scanning), and Trivy (multi-purpose scanner). Learn how to detect hidden risks, trace vulnerabilities back to their source, and build a repeatable forensic workflow that strengthens your DevSecOps pipeline. This isn’t just static analysis—it’s detective work for containers.
Hello, I'm Mert Polat.
I'm currently working as a Cloud and Platform Engineer at Sufle. I started my career as a Jr. DevOps Engineer at Zip Turkey, where I gained extensive experience in Infrastructure and DevOps domains. At Duzce MEKATEK, I worked in the software team for an autonomous vehicle project and took on a leadership role. Additionally, I honed my skills in technologies like Docker, Kubernetes, and Ansible during a DevOps internship at Formica.
I am passionate about technology and knowledge sharing, so I write various articles for @DevopsTurkiye and @Bulut Bilişimciler publications on Medium.
I graduated from Duzce University with a degree in Computer Programming, and I'm currently pursuing a bachelor's degree in Management Information Systems at Anadolu University.