Explore the challenges and solutions for private container image signing in this 26-minute conference talk from KubeCon + CloudNativeCon Europe 2023. Delve into the growing importance of software supply chain security and the differences between open source and private container image signing. Learn about various signing technologies, including Sigstore and Notary v2, and their applications in internal Kubernetes software supply chains. Discover Datadog's security team's insights on implementing integrity controls for private container images, comparing open source and internal signing processes. Gain valuable knowledge on scaling signing frameworks and addressing unique challenges in private environments.
Who's Verifying Your Signatures? Approaching Private Container Image Signing
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
Introduction
About Datadog
Agenda
Why
Tools
Survey Tools
Notary V1
Graphase
Notary V2
Update Framework
Cosine
How are we using Datadog
Requirements
Demo
Conclusion
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
Secure Container Supply Chain in Kubernetes the Easy Way
-
Notary v2 - Supply Chain Security for Containers
-
Notary - State of the Container Supply Chain
-
Securing the Container Supply Chain with Notary
-
Securing GitOps Supply Chain with Sigstore and Kyverno
-
Securing Container Supply Chain in CI/CD with Notary Project, ORAS and Harbor
