Checking the Chains at the Gate: Building Supply Chain Policies with Gatekeeper and Ratify

May 01, 2023 37 min Free

Description

This talk explores how to enhance Kubernetes security by building supply chain policies using Gatekeeper and Ratify. Learn how to leverage Gatekeeper's external data feature with Ratify to verify external artifacts, such as image signatures and SBOMs, before admitting workloads into your clusters. The presentation covers using OCI registries with the 'referrers' API for artifact management and demonstrates how to build custom verifier plugins for Ratify to enforce specific compliance requirements.