Enforcing Organization Policies with Enterprise Contract

Discover how to enforce organizational policies for container images using the open-source Enterprise Contract ecosystem in this 21-minute conference talk by Zoran Regvart from Red Hat. Learn about leveraging Sigstore signatures, in-toto attestations, and other tamper-proof sources to maintain security in the rapidly evolving tech landscape. Focus on the Tekton ecosystem while exploring how Enterprise Contract, a CI agnostic tool, can be used to validate specific tasks like code scanners during the container image build process. Gain insights into going beyond simple signature checks for comprehensive container image validation. Although familiarity with the Sigstore community project is beneficial, beginners are also welcome to attend this informative session presented by OpenSSF.