With software supply chain attacks in the headlines, open source projects (and the organizations that use them) are becoming even more focused on security. Everyone says they take security seriously, but how can we prove it? We will use Syft (an open source SBOM generator) and Grype (an open source vulnerability scanner), together with Elasticsearch and Kibana, to analyze the top 25 containers on Docker Hub. This will be a live analysis, and we expect to uncover interesting results about the contents and vulnerabilities associated with these widely used open source containers. The audience is encouraged to ask their own questions live, and we’ll dig into the data to find real-time answers.