Malicious Compliance: Reflections on Trusting Container Scanners
36 min

Malicious Compliance: Reflections on Trusting Container Scanners

KubeCon + CloudNativeCon - KubeCon + CloudNativeCon Europe 2023
Ian Coldwater Duffie Cooley Brad Geesaman Rory McCune
container-scanning kubernetes security vulnerability-management docker sbom ci-cd supply-chain-security policy-as-code cloud-native alpine-linux go
Securing the Container Supply Chain with Notary
36 min

Securing the Container Supply Chain with Notary

KubeCon + CloudNativeCon - KubeCon + CloudNativeCon Europe 2023
Justin Cormack Toddy Mladenov
container-security supply-chain-security notary docker microsoft oci kubernetes signing sbom in-toto key-management
Secure Your Project with the SIG Release Supply Chain Kit
30 min

Secure Your Project with the SIG Release Supply Chain Kit

KubeCon + CloudNativeCon - KubeCon + CloudNativeCon Europe 2023
Adolfo García Veytia Carlos Panato
supply-chain-security sbom slsa container-signing github-actions ci-cd kubernetes release-engineering provenance cosign six-store software-supply-chain
In-Toto: Attestations and More for Software Supply Chain Security
35 min

In-Toto: Attestations and More for Software Supply Chain Security

KubeCon + CloudNativeCon - KubeCon + CloudNativeCon Europe 2023
Aditya Sirish A Yelgundhalli
software-supply-chain-security in-toto attestation sbom slsa kubernetes ci-cd container-security policy-enforcement digital-signatures provenance
Checking the Chains at the Gate: Building Supply Chain Policies with Gatekeeper and Ratify
37 min

Checking the Chains at the Gate: Building Supply Chain Policies with Gatekeeper and Ratify

KubeCon + CloudNativeCon - KubeCon + CloudNativeCon Europe 2023
Jeremy Rickard
kubernetes supply-chain-security gatekeeper ratify opa rego oci admission-controller policy-as-code sbom ci-cd
Improve Vulnerability Management with OCI Artifacts – It Is That Easy!
36 min

Improve Vulnerability Management with OCI Artifacts – It Is That Easy!

KubeCon + CloudNativeCon - KubeCon + CloudNativeCon Europe 2023
Itay Shakury Toddy Mladenov
vulnerability-management oci-artifacts sbom supply-chain-security container-security trivy notary oras cicd kubernetes container-registry signing
Silly Gooses, Let's Make Sense of the Security Supply Chain, Together
24 min

Silly Gooses, Let's Make Sense of the Security Supply Chain, Together

KubeCon + CloudNativeCon - KubeCon + CloudNativeCon Europe 2023
Grace Nguyen
supply-chain-security salsa sigstore cosign fulcio rekor sbom attestation provenance container-security cloud-native-security kubernetes
From SBOMs to IBOMs - Know What's Happening in Your Clusters
31 min

From SBOMs to IBOMs - Know What's Happening in Your Clusters

KubeCon + CloudNativeCon - KubeCon + CloudNativeCon Europe 2023
Cindy Blake Ido Neeman
sbom ibom cloud-native infrastructure-management security supply-chain-security asset-management kubernetes compliance cost-optimization attack-surface-management drift-detection