Explore a comprehensive overview of Notary v2, a community project aimed at enhancing supply chain security for containers, in this informative conference talk by Justin Cormack from Docker and Steve Lasker from Microsoft. Delve into the project's goals, its role in addressing issues hindering widespread adoption of the existing Notary project, and its integration with other supply chain initiatives. Learn about the requirements, ongoing work, and the roadmap to production for Notary v2. Gain insights into cloud-native software, container security, and pipeline security. Watch a demonstration covering Docker plugin addition, alias creation, ephemeral client support, artifact discovery and pushing, and Docker image pull processes. Discover the "World's Most Simple Assessment," Sbomb, and Reference Graph concepts. Find out where to access more information and resources on this crucial project for registry-native supply chain security.
Notary v2 - Supply Chain Security for Containers
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
Intro
Why Notary v2
Cloud native software
Container security
Notary v2 requirements
Work in progress
Pipeline security
Demo
Add Docker plugin
Create alias
Support ephemeral clients
Discover artifacts
Push artifacts into the registry
Docker image pull
Worlds Most Simple Assessment
Sbomb
Reference Graph
Where to find us
Taught by
CNCF [Cloud Native Computing Foundation]
