Discover how to enhance vulnerability management practices using OCI artifacts in this 36-minute conference talk from CNCF. Learn about the recent advancements in supply chain security, including the popularization of standard Software Bill of Materials (SBOMs) and signed attestations. Explore the challenges of efficiently utilizing SBOMs at scale and how the OCI artifacts specification elegantly solves these issues. Gain insights into signing images, storing and signing SBOMs, scan results, and other important supply chain-related attestations alongside relevant artifacts in the registry. Understand how to leverage open-source tools like Trivy, Notary, and ORAS to improve vulnerability management practices. Discover how these techniques can be applied to various OCI artifacts, including WASM, packages, and libraries.
Improve Vulnerability Management with OCI Artifacts - It Is That Easy
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
Improve Vulnerability Management with OCI Artifacts -It Is That Easy! - Itay Shakury & T Mladenov
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
Distributing Supply Chain Artifacts with OCI and ORAS Artifacts
-
Leveraging OCI 1.1 for Enhanced SBOM Integration and Vulnerability Scanning in Harbor
-
Securing Container Supply Chain in CI/CD with Notary Project, ORAS and Harbor
-
Modifying the Immutable: Attaching Artifacts to OCI Images
-
Kicking Security Chain Attacks to the Curb with Kyverno and Notary in GitOps
-
Notary v2 Introduction and Status Report
