Did you sign this (image)? - Jan Bruder

  • Published: 18 Sep 2024
  • The rise of micro-service architecture and the use of distributed systems, such as Kubernetes, create complex chains of dependencies that render modern applications more vulnerable to software supply chain attacks.
    To safeguard against such threats in container-based application deployments, it is critical to ensure that all images come from a trusted source and have not been tampered with. An effective way to achieve this is the use and validation of digital signatures. But while this appears to be a simple solution, it can prove challenging to put into practice.
    This session will introduce you to the concepts and goals of container image signing and attestation. We will discuss the technical details and benefits of keyless signing and how to automate the verification of image signatures for all Kubernetes workloads. Finally, we will walk through several techniques and tools that make it easier to integrate image verification into your own software delivery lifecycle.
    About the speaker:
    Jan Bruder is a solution architect at SUSE with a focus on cloud-native technologies, particularly containers and Kubernetes. He has several years of experience working with large enterprise organizations on the adoption of Kubernetes and has contributed to multiple open source projects as a developer.