Cloud Native Rejekts EU (Valencia) 2022

Supply Chain Security with Sigstore and Kyverno
05-14, 15:35–16:05 (Europe/Madrid), Main Room

Everyone has heard about supply chain security in the last year. The SolarWinds hack and President Biden's Cybersecurity Executive Order have forced the industry to start taking it seriously. This has resulted in the emergence of credible solutions for addressing provenance concerns in Cloud Native platforms.

This session will begin with an overview of the issues and why they're important, before moving on to look at how we can use tooling to begin addressing them. In particular, we will look at using Sigstore to add provenance data to a container image and Kyverno to verify the data in a Kubernetes cluster.

Finally, we will end with a look at what still needs to be done to truly address our supply chain security issues.

Adrian has been involved with containers from the early days of Docker and authored the O’Reilly book “Using Docker” (https://atlas.oreilly.com/oreillymedia/using-docker). He is currently an engineer at Chainguard.dev, who are on a mission to secure the software supply chain.