Securing Cloud-Native Workloads: Hands-On with Notary Project, ORAS, and Ratify
In the cloud-native ecosystem, maintaining a secure software supply chain for cloud-native workloads is essential. This session will provide real-world examples of how to use open-source tools Notary Project, ORAS and Ratify to ensure the integrity and authenticity of cloud-native workloads on Kubernetes.
- Background
- Why ensuring integrity and authenticity?
- End-to-End sign and verification experience
- CNCF project Notary Project intro
- CNCF project Ratify intro
- CNCF project ORAS intro
- Set up environment
- Prepare your container images
- Sign your container images
- Publish your container images and signatures to production
- Set up Ratify and policies
- Deploy your container images on K8s and check results
- What’s next
Related Videos
Platform Engineering: Asking "Why"? with Evelyn Osman
Today we had some long conversations about Arc Bash and the future of scripting as well as platforms and the rise and fall of Kubernetes.
Hands-on with Headlamp: The Kubernetes UI
Join us as we explore Headlamp — an extensible, user-friendly Kubernetes UI. We’ll walk through installing, configuring, customizing, and using it in real time.
Introducing Wassette: Securing MCP with WebAssembly
Microsoft just announced Wassette — a security-oriented runtime that bridges WebAssembly Components with the Model Context Protocol (MCP).
MCP Servers for Rust Developers
Join us live as we explore three powerful MCP servers that will transform how you develop and deploy Rust applications!
Comments