Distributing Supply Chain Artifacts with OCI and ORAS Artifacts

Explore the critical importance of secure distribution in the face of continuous supply chain attacks in this 40-minute conference talk by Steve Lasker from Microsoft. Learn how ORAS Artifacts enhances OCI Artifacts by enabling graphs of artifact relationships, providing predictable lifecycle management for container images and related artifacts. Discover how registries are evolving to distribute cloud-native artifacts securely from public registries to private environments. Gain insights into the benefits of building upon hardened, performant, and securely distributed registries for managing signed images, system bill of materials (SBOM), and scan results. Understand the significance of consuming artifacts from public endpoints and promoting them across environments, including private networks without external access.

Distributing Supply Chain Artifacts with OCI & ORAS Artifacts - Steve Lasker, Microsoft