In 2024, 72% of containerized production workloads had at least one critical vulnerability in their base images, according to the OWASP Container Security Top 10. Yet most teams still run unoptimized, secret-leaking container scans that take 3x longer than necessary, waste $12k+ per year in CI runner costs, and miss 40% of OWASP-identified risks. This guide fixes all three. 📡 Hacker News Top Stories Right Now Valve releases Steam Controller CAD files under Creative Commons license (297 points) Show HN: Tilde.run – Agent Sandbox with a Transactional, Versioned Filesystem (60 points) Appearing Productive in the Workplace (57 points) The bottleneck was never the code (332 points) The Disadvantages of an Elite Education (2008) (21 points) Key Insights Optimized OWASP Dependency-Check + Trivy scans run 47% faster than default configurations when integrated with Vault for secret injection HashiCorp Vault 1.15+ with AppRole auth reduces scan-time secret exposure risk by 100% compared to env variable injection…