Cloud Native Rejekts EU (Valencia) 2022

Supply Chain Security with Sigstore and Kyverno
2022-05-14, 15:35–16:05, Main Room

Everyone has heard about supply chain security in the last year. The Solarwinds hack and President Biden's Cybersecurity Executive order have forced the industry to start taking it seriously. This has resulted in the emergence of credible solutions for addressing provenance concerns in Cloud Native platforms.

This session will begin with an overview of the issues and why they're important, before moving onto look at how we can use tooling to begin addressing them. In particular, we will look at using Sigstore to add provenance data to a container image and Kyverno to verify the data in a Kubernetes cluster.

Finally, we will end with a look at what still needs to be done to truly address our supply chain security issues.