The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon + Open Source Summit China 2023 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: this schedule is automatically displayed in China Standard Time (UTC+8). To see the schedule in your preferred timezone, select it from the "Timezone" drop-down menu at the top right. The schedule is subject to change, and session seating is available on a first-come, first-served basis.

September 26-28
Wednesday, September 27 • 11:00am - 11:35am
Kicking Security Chain Attacks to the Curb with Kyverno and Notary in GitOps - Shuting Zhao, Nirmata & Feynman Zhou, Microsoft

As supply chain initiatives have driven the need to distribute detached signatures for container images and signed SBOMs, reference types are required to supplement the information in the OCI registry. With support for the referrers API in the OCI v1.1 spec, it becomes extremely easy to associate software supply chain artifacts with container images in content distribution. It also allows policy tools like Kyverno to consume the supply chain artifacts' data for security checks before deployment. Modern Kubernetes deployments contain multiple applications, clusters, and environments, especially in large organizations. How can you verify image integrity, security, and compliance to manage applications at scale? In this session, Feynman Zhou and Shuting Zhao will showcase how you can establish trust for container images and verify resources using CNCF projects like Notary, Kyverno, and ORAS. They will demonstrate how to implement these tools in GitOps to improve software supply chain security.
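As an added illustration of the pattern the abstract describes (not code from the talk or from the Kyverno, Notary or ORAS projects), the following Kyverno ClusterPolicy verifies, at admission time, that every Pod image from an assumed internal registry carries a Notary (notation) signature from a trusted certificate and an attached CycloneDX SBOM that is itself signed by the same certificate. The registry prefix `registry.example.com/myorg/*`, the policy name, and the certificate placeholder are assumptions for the example; the SBOM is the kind of referrer that `oras attach --artifact-type sbom/cyclone-dx` publishes next to the image, and the signature is what `notation sign` pushes as a referrer of the image manifest.

```yaml
# Added example policy (not the project's own). Assumes:
#   - images live under registry.example.com/myorg/ (hypothetical registry)
#   - the registry implements the OCI 1.1 referrers API (or Kyverno's
#     tag-schema fallback), so signatures and SBOMs are discoverable
#   - the PEM certificate below is your organization's signing cert
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: verify-signed-images-and-sbom
spec:
  validationFailureAction: Enforce   # block, do not merely audit
  webhookTimeoutSeconds: 30
  failurePolicy: Fail                # registry unreachable => admission denied
  background: false                  # image verification runs on admission only
  rules:
    - name: notary-signature-and-cyclonedx-sbom
      match:
        any:
          - resources:
              kinds:
                - Pod
      verifyImages:
        - type: Notary
          imageReferences:
            - "registry.example.com/myorg/*"
          required: true           # an unsigned image is a failure, not a skip
          mutateDigest: true       # rewrite tags to digests so what was verified is what runs
          verifyDigest: true
          # 1) The image manifest itself must be signed by the trusted certificate.
          attestors:
            - count: 1
              entries:
                - certificates:
                    cert: |-
                      -----BEGIN CERTIFICATE-----
                      # paste your organization's trusted signing certificate (PEM) here
                      -----END CERTIFICATE-----
          # 2) A CycloneDX SBOM must be attached as a referrer, signed by the
          #    same certificate, and must declare itself as CycloneDX.
          attestations:
            - type: sbom/cyclone-dx
              attestors:
                - count: 1
                  entries:
                    - certificates:
                        cert: |-
                          -----BEGIN CERTIFICATE-----
                          # same trusted signing certificate (PEM)
                          -----END CERTIFICATE-----
              conditions:
                - all:
                    - key: "{{ bomFormat }}"
                      operator: Equals
                      value: "CycloneDX"
```

Two points a practitioner would check before relying on this. First, `failurePolicy: Fail` plus `required: true` means a registry outage or a missing referrer blocks deployments rather than silently admitting them; pair that with a break-glass exception process rather than relaxing the policy. Second, the `conditions` block only evaluates fields of the signed SBOM payload, so any gate on what the SBOM contains (a forbidden component, a required license field) has to be expressed there, not in a later, unsigned step of the pipeline.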


Shuting Zhao

Staff Engineer, Nirmata
Shuting Zhao is a Kyverno maintainer and a Staff Engineer at Nirmata. Her passion for open source extends beyond her professional role: she has been a mentor for several LFX mentorship programs since March 2021 and enjoys helping others contribute to open source...

Feynman Zhou

Product Manager, Microsoft
Feynman is a product manager for Microsoft Azure. He is also a maintainer of the CNCF Notary and ORAS projects and an active contributor to Ratify. Feynman has been contributing to multiple CNCF projects for six years and is now focusing on the software supply chain security area...

Wednesday September 27, 2023 11:00am - 11:35am CST
3M Room 3M1 (Mezzanine 3)
  Supply Chain Security