Secure Container Supply Chain in Kubernetes the Easy Way

Explore a comprehensive conference talk on securing container supply chains in Kubernetes. Dive into software supply chain fundamentals, industry challenges, and cutting-edge solutions like Notary v2, ORAS, and Ratify. Learn how to sign and verify artifacts, promote them across registries, and enable Kubernetes clusters to verify artifact security before deployment. Gain insights from Feynman Zhou, a Microsoft Azure product manager and CNCF ambassador, as he shares practical approaches to enhance container security in cloud-native environments. Includes demonstrations on attaching SBOMs, distributing supply chain artifacts, and local signing and verification for container images.

Prepare
Opening
Secure Container Supply Chain in Kubernetes the Easy Way
Introudction to Sofeware Supply Chain
Challenges and concerns from the industries and end users
Notary v2, ORAS and Ratify in secure supply chain
Notary v2: Sign and veirfy artifacts the easy way
ORAS: Promote artifact across registries
Ratify: Enable Kubernetes cluster to verify artifacts security prior to deployment
Recap
Q&A