Secure Container Supply Chain in Kubernetes the Easy Way

Name: Secure Container Supply Chain in Kubernetes the Easy Way
Start: 2022-12-08T19:00:00+08:00
End: 2022-12-08T21:00:00+08:00

Cloud Native Taiwan User Group

Thursday, December 8, 2022, 11:00 AM – 1:00 PM UTC

Virtual event

Cloud Native Taiwan User Group #50

About this event

Topic: Secure Container Supply Chain in Kubernetes the Easy Way
➢ Introduction to Software Supply Chain Security
➢ Challenges and concerns from the industries and end users
➢ Notary v2: Sign and verify artifacts the easy way
➢ ORAS: Promote artifact across registries
➢ Ratify: enables Kubernetes clusters to verify artifact security prior to deployment
➢ Secure Supply Chain in CI/CD pipeline 

Speaker: Feynman Zhou is a product manager working at Microsoft Azure. He is also a CNCF ambassador and an active contributor of Notary v2 and ORAS. Feynman is focusing on software supply chain security. He is also passionate about cloud-native technology. Feynman is the event organizer of Kubernetes Community Days China.

YouTube Streaming: https://www.youtube.com/watch?v=wgaT9lV4ai4

Language: 中文

Speaker

Feynman Zhou

Microsoft Azure

Product Manager

When

Thursday, December 8, 2022
11:00 AM – 1:00 PM UTC

Agenda

11:00 AM

Secure Container Supply Chain in Kubernetes the Easy Way

Tons of tools are appearing to make software supply chain easier for everyone and provide security best practices for enterprises. Notary v2 is the next generation of the original signing project Notary, aiming to provide signing and verification capabilities with usability and security. Notation is the CLI tool of Notary v2, which supports creating cryptographic signatures with COSE envelop to container images so that you can make sure that the image someone produced is the same one that you are using, and that it has not been tampered by others. ORAS is a generic OCI registry client for distributing supply chain artifacts across clouds and on-prem. Ratify enables Kubernetes clusters to verify artifact security metadata prior to deployment and admit for deployment only those that comply with an admission policy that you create. In this session, Feynman will demonstrate how to secure your container supply chain with Notation, ORAS, Ratify, and SBOM tool, delivering a secure delivery experience in Kubernetes.

Organizers

Phil Huang

Microsoft

Senior Cloud Solution Architect

HungWei Chiu

Organizer Team

Gene Kuo

Mirantis Inc.

Technical Support Engineer

Rico Lin

Vexxhost

OpenStack Cloud Engineer

Yao De Fu

Software Engineer

Tsung-Yi Yu

CNTUG Volunteer

Pohsien Shih

CNTUG Volunteer

YI-YANG LIN

Red Hat

Solution Architect

Cheng Hao Yang

Wizigo Inc.

CNTUG Organizer

Lung-Hsuan Hung

DevOps Engineer

CONTACT US