Quor is part of Getup. Meet the catalog of secure container images

Home

Services

Quor

Open source

Resources

About us

EN

Contact us

Getup Content

Getup Content

Getup Content

Technical content, research, videos, and materials on Kubernetes, Software Supply Chain, and container security.

Technical content, research, videos, and materials on Kubernetes, Software Supply Chain, and container security.

LATEST POST

IN THE COLLECTION

+470 pieces of content

+470 pieces of content

FEATURED FRONT

Software Supply Chain Security

Software Supply Chain Security

featured content

featured content

Disclosure gap: the unmonitored interval between CVE discovery and publication

When a CVE is published, the vulnerability has already existed for some time. The gap between discovery and public registration—the disclosure gap—is a period when scanners show nothing, SLAs are not triggered, and the environment seems clean. In this article, Heitor Gouvêa documents four real cases of responsible disclosure and what this gap means in practice for those managing risk.

CVE Management

Search

Security Researcher

Heitor Gouvêa

How we are building images with zero CVEs #3: separating real vulnerabilities from noise (VEX)

Software Supply Chain Security

Container security

Security Researcher

Heitor Gouvêa

Cybersecurity in M&A: the software supply chain liability that reduces valuation

Container security

CEO

Diogo Goebel

How we are building images with zero CVEs #2: compiling from source

Software Supply Chain Security

Container security

Security Researcher

Heitor Gouvêa

A NEW MOVEMENT, SAME ESSENCE

Why Software

Supply Chain Security?

Why Software

Supply Chain Security?

Getup has been active for more than 13 years in building, supporting, and evolving Kubernetes environments. With Quor, our secure container images product, this experience has also reached the base of the software chain: images, CVEs, provenance, SBOM, hardening, and traceability.

This front led us to study, test, and publish more frequently about Software Supply Chain. The content gathered here reflects this movement: product learnings, market research, technical analysis, conversations with specialists, and materials to support more consistent security decisions starting from the software's origin.

All contents

All contents

All

SOFTWARE SUPPLY CHAIN SECURITY

CONTAINER SECURITY

PRODUCT

CVE MANAGEMENT

KUBERNETES

SEARCH

EVENT

VIDEO

OPEN SOURCE

KUBICAST

PRESS

Disclosure gap: the unmonitored interval between CVE discovery and publication

CVE Management

Search

Security Researcher

Heitor Gouvêa

How we are building images with zero CVEs #3: separating real vulnerabilities from noise (VEX)

Software Supply Chain Security

Container security

Security Researcher

Heitor Gouvêa

Cybersecurity in M&A: the software supply chain liability that reduces valuation

Container security

CEO

Diogo Goebel

How we are building images with zero CVEs #2: compiling from source

Software Supply Chain Security

Container security

Security Researcher

Heitor Gouvêa

How we are building images with zero CVEs #1: reducing the attack surface (Alpine and distroless)

Software Supply Chain Security

Container security

Security Researcher

Heitor Gouvêa

Verifiable trust in containers: SBOM, VEX, SLSA, and attestations

Software Supply Chain Security

Container security

Security Researcher

Heitor Gouvêa

Disclosure gap: the unmonitored interval between CVE discovery and publication

CVE Management

Search

Security Researcher

Heitor Gouvêa

How we are building images with zero CVEs #3: separating real vulnerabilities from noise (VEX)

Software Supply Chain Security

Container security

Security Researcher

Heitor Gouvêa

Cybersecurity in M&A: the software supply chain liability that reduces valuation

Container security

CEO

Diogo Goebel

+200 episodes

+200 episodes

Kubicast Collection

Kubicast Collection

Technical conversations produced by Getup about Kubernetes, cloud native, open source, and technology practices. This section brings together previous episodes of Kubcast as a collection for reference.

Technical conversations produced by Getup about Kubernetes, cloud native, open source, and technology practices. This section brings together previous episodes of Kubcast as a collection for reference.

KUBICAST #194 - Decree No. 12,573 and E-Cyber

Decree No. 12,573 formalizes the National Cybersecurity Strategy. Understand the pillars of E-Ciber, its impacts on essential services, and the challenges that still remain unresolved.

Listen now

KUBICAST #193 - Gateway API with Kong in practice!

Much more than granular control for your APIs in Kubernetes

Listen now

Kubicast #192 - Can AI actually help you in your daily life?

Is OpenAI really here to help our technical lives?

Listen now

Listen to all episodes

of the podcast on your favorite app.

Listen to all episodes

of the podcast on your favorite app.

Spotify

Spotify

iTunes

iTunes

Overcast

Overcast

Container images with
near-zero CVEs, ready for production.

Container images with
near-zero CVEs, ready for production.

Meet Quor, the secure image catalog operated by Getup, featuring SBOM, provenance, and cryptographic signature by design.

Meet Quor, the secure image catalog operated by Getup, featuring SBOM, provenance, and cryptographic signature by design.

Explore catalog

Explore catalog

View documentation

View documentation

Operating Kubernetes in production for more than 13 years. With Quor, this experience extends to software supply chain security as well.

Operating Kubernetes in production for more than 13 years. With Quor, this experience extends to software supply chain security as well.

GET UP

Quor

Documentation

Service

RESOURCES

Blog

Events

Webinar

CONTACT

sales@getup.io

jobs@getup.io

Sao Paulo - SP

© Getup · 2026

Privacy policies

Cookie policies

Terms of use

Receive content about Kubernetes and Software Supply Chain Security.

Close