Securing Cloud-Native Workloads: Hands-On with Notary Project, ORAS, and Ratify

In the cloud-native ecosystem, maintaining a secure software supply chain for cloud-native workloads is essential. This session will provide real-world examples of how to use open-source tools Notary Project, ORAS and Ratify to ensure the integrity and authenticity of cloud-native workloads on Kubernetes.

• Background
• Why ensuring integrity and authenticity?
• End-to-End sign and verification experience
• CNCF project Notary Project intro
• CNCF project Ratify intro
• CNCF project ORAS intro
• Set up environment
• Prepare your container images
• Sign your container images
• Publish your container images and signatures to production
• Set up Ratify and policies
• Deploy your container images on K8s and check results
• What’s next