Securing Cloud-Native Workloads: Hands-On with Notary Project, ORAS, and Ratify

95 min watch

Meet the Cast

David Flanagan HOST

David Flanagan

@rawkode

Weekly Cloud Native insights

Stay ahead in cloud native

Tutorials, deep dives, and curated events—no fluff.

In the cloud-native ecosystem, maintaining a secure software supply chain for cloud-native workloads is essential. This session will provide real-world examples of how to use open-source tools Notary Project, ORAS and Ratify to ensure the integrity and authenticity of cloud-native workloads on Kubernetes.

  • Background
  • Why ensuring integrity and authenticity?
  • End-to-End sign and verification experience
  • CNCF project Notary Project intro
  • CNCF project Ratify intro
  • CNCF project ORAS intro
  • Set up environment
  • Prepare your container images
  • Sign your container images
  • Publish your container images and signatures to production
  • Set up Ratify and policies
  • Deploy your container images on K8s and check results
  • What’s next

Related Videos

Fuck you, Hashicorp ... an IBM Company.
6:43

Fuck you, Hashicorp ... an IBM Company.

HashiCorp archived the repo without warning. Here is why their excuse about "product market fit" is a lie.

[object Object]
Replace Your GitHub Actions YAML with CUE
19:58

Replace Your GitHub Actions YAML with CUE

Are you tired of copy-pasting YAML between repositories only to be bitten by typos after pushing?

[object Object]
MinIO, we won't miss you.
6:09

MinIO, we won't miss you.

MinIO just announced maintenance mode for their community edition — and honestly? Good riddance.

[object Object][object Object]
Relaunching Klustered ... with Heroku Vibes
11:18

Relaunching Klustered ... with Heroku Vibes

Building and Launching a Marketing Page on Heroku with AI in Under 20 Minutes

[object Object]