Understanding Container Reproducibility Challenges: Stopping the Next Solar Winds

Container images are increasingly being used as the main method for software deployment, so ensuring the reproducibility of container images is becoming a critical step in protecting the software supply chain. In practice, however, builds are often not reproducible due to elements of the build environment that rely on nondeterministic factors such as timestamps and external dependencies. Lack of reproducibility can lead to lack of trust, broken builds, and possibly mask hidden malware insertion. Vessel, a recent tool from the Carnegie Mellon University Software Institute (SEI), helps developers identify the difference between two container images to help sort benign from problematic issues. In this SEI Podcast, Kevin Pitstick, a senior software engineer at the SEI and Vessel's lead developer, and Lihan Zhan, a software engineer at the SEI working on tactical and AI-enabled systems, sit down with Grace Lewis, lead of the Tactical and AI-Enabled Systems (TAS) applied research and development team at the SEI, to discuss the Vessel tool, its development, and application in mission-critical settings.

You can listen to Understanding Container Reproducibility Challenges: Stopping the Next Solar Winds online on Radio and Podcast. Open the player on this page to stream the available audio.

Understanding Container Reproducibility Challenges: Stopping the Next Solar Winds is an episode from Software Engineering Institute (SEI) Podcast Series by Carnegie Mellon University Software Engineering Institute.

This episode is 25:10 long.

This episode was published on Jul 30, 2025.

Yes. Use the heart button on the episode page to add it to your favorite episodes list.

Yes. This page shows related episodes from Software Engineering Institute (SEI) Podcast Series when more episodes are available from the podcast feed.