Explore a comprehensive conference talk on securing container supply chains in Kubernetes. Dive into software supply chain fundamentals, industry challenges, and cutting-edge solutions like Notary v2, ORAS, and Ratify. Learn how to sign and verify artifacts, promote them across registries, and enable Kubernetes clusters to verify artifact security before deployment. Gain insights from Feynman Zhou, a Microsoft Azure product manager and CNCF ambassador, as he shares practical approaches to enhance container security in cloud-native environments. Includes demonstrations on attaching SBOMs, distributing supply chain artifacts, and local signing and verification for container images.
Overview
Syllabus
Prepare
Opening
Secure Container Supply Chain in Kubernetes the Easy Way
Introudction to Sofeware Supply Chain
Challenges and concerns from the industries and end users
Notary v2, ORAS and Ratify in secure supply chain
Notary v2: Sign and veirfy artifacts the easy way
ORAS: Promote artifact across registries
Ratify: Enable Kubernetes cluster to verify artifacts security prior to deployment
Recap
Q&A
Taught by
Cloud Native Taiwan User Group
Related Courses
-
Notary - State of the Container Supply Chain
-
Kubernetes Security: Implementing Supply Chain Security
-
Secure Container Supply Chain with Notation, ORAS, and Ratify
-
Kicking Security Chain Attacks to the Curb with Kyverno and Notary in GitOps
-
Securing Container Supply Chain in CI/CD with Notary Project, ORAS and Harbor
-
Distributing Supply Chain Artifacts with OCI and ORAS Artifacts
