Secure Container Supply Chain in Kubernetes the Easy Way

Name: Secure Container Supply Chain in Kubernetes the Easy Way
Start: 2022-12-08T19:00:00+08:00
End: 2022-12-08T21:00:00+08:00

KCD Taiwan

Dec 8, 2022, 11:00 AM – 1:00 PM (UTC)

Virtual event

Cloud Native Taiwan User Group #50

About this event

Topic: Secure Container Supply Chain in Kubernetes the Easy Way
➢ Introduction to Software Supply Chain Security
➢ Challenges and concerns from the industries and end users
➢ Notary v2: Sign and verify artifacts the easy way
➢ ORAS: Promote artifact across registries
➢ Ratify: enables Kubernetes clusters to verify artifact security prior to deployment
➢ Secure Supply Chain in CI/CD pipeline 

Speaker: Feynman Zhou is a product manager working at Microsoft Azure. He is also a CNCF ambassador and an active contributor of Notary v2 and ORAS. Feynman is focusing on software supply chain security. He is also passionate about cloud-native technology. Feynman is the event organizer of Kubernetes Community Days China.

YouTube Streaming: https://www.youtube.com/watch?v=wgaT9lV4ai4

Language: 中文

Speaker

Feynman Zhou

Microsoft Azure

Product Manager

When

Thursday, December 8, 2022
11:00 AM – 1:00 PM (UTC)

Agenda

11:00 AM

Secure Container Supply Chain in Kubernetes the Easy Way

Tons of tools are appearing to make software supply chain easier for everyone and provide security best practices for enterprises. Notary v2 is the next generation of the original signing project Notary, aiming to provide signing and verification capabilities with usability and security. Notation is the CLI tool of Notary v2, which supports creating cryptographic signatures with COSE envelop to container images so that you can make sure that the image someone produced is the same one that you are using, and that it has not been tampered by others. ORAS is a generic OCI registry client for distributing supply chain artifacts across clouds and on-prem. Ratify enables Kubernetes clusters to verify artifact security metadata prior to deployment and admit for deployment only those that comply with an admission policy that you create. In this session, Feynman will demonstrate how to secure your container supply chain with Notation, ORAS, Ratify, and SBOM tool, delivering a secure delivery experience in Kubernetes.

Host

Phil Huang

Microsoft

Senior Cloud Solution Architect

Organizers

CHENG-HAO YANG

Wizigo Inc.

CNTUG Volunteer

See bio

Yuan-Heng,Kuo Yuan-Heng,Kuo

17LIVE

Site Reliability Engineer, 17LIVE

See bio

CONTACT US