• Use continuously updated container base images like Chainguard Images that aim for zero known vulnerabilities. This can vastly reduce the work required by teams investigating and mitigating vulnerabilities in images reported by security scanners.
  • Invest in automated integration, system and unit tests. Tests are essential and should catch the vast majority of bugs.
  • Look into techniques for high-velocity, high-assurance development, including those detailed in the Google Site Reliability Engineering book such as canary releases, feature flags, and rollbacks. These help ensure any issues are caught early and affect as few end users as possible.
  • Employ observability tooling to identify problems or performance issues as soon as possible.