Explore a practical guide for software supply chain security in this 31-minute conference talk by Anushka Mittal and Vishal Choudhary from Nirmata. Delve into the importance of signing, attesting, and verifying artifacts in the wake of prominent attacks like SolarWinds and Log4J. Learn how the OSS community is addressing concerns related to image integrity, security, and compliance at scale. Discover the role of the OCI v1.1 Spec's referrers API in associating software supply chain artifacts with container images. Examine the Notary Project's cross-industry standards for securing software supply chains through signing, verification, signature portability, and key/certificate management. Understand how CNCF policy engines like Kyverno can leverage supply chain artifact data to apply security checks during Kubernetes cluster admission control. Gain insights into how CNCF projects such as Kyverno and Notary enhance software supply chain security, enforce image trust, and prevent untrusted image deployment, ensuring integrity, security, and compliance at scale.
Sign, Attest, and Verify - A Practical Guide for Software Supply Chain Security
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
Sign, Attest, and Verify! A Practical Guide for Software Supply...-Anushka Mittal & Vishal Choudhary
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
Secure Software Supply Chain for CSSLP®
-
Kicking Security Chain Attacks to the Curb with Kyverno and Notary in GitOps
-
Securing the Supply Chain: A Practical Guide to SLSA Compliance from Build to Runtime
-
Enabling the Software Supply Chain Ecosystem with Notary Project
-
Safeguarding Cloud Native Supply Chain - Notary Project Overview and New Features
-
Securing Container Supply Chain in CI/CD with Notary Project, ORAS and Harbor
