⚡️ Enlightning - Ensuring Software Authenticity: Introduction to Notary Project

August 17, 2023

Software vendors use digital signatures to ensure authenticity and integrity of their distributed software. Cloud native workloads require support for signature delivery mechanisms, agility to address emerging needs, and hyper scalability to match application needs. In addition to consuming authentic third party and/or open source software, users also want to ensure the integrity and authenticity of software they develop to enhance software supply chain security. Cloud native workloads can benefit from a signing technology that allows customers to leverage their traditional signing infrastructure and is flexible for future innovations. Meet the Notary Project. In this episode, we will see how Notary Project tooling can be used to sign software artifacts stored in OCI-compliant registries, distributed easily across OCI-compliant registries, and verified for any container deployment, even in air-gapped environments. We’ll talk about concepts like signing schema that enable trusting multiple entities both in-house and third-party; signature formats that enable a variety of cloud-native workloads, from container images, to WASM modules and IoT workloads; and plugins that enable integrations with 3rd party key management and cloud service providers. The tooling is enterprise-ready and allows easy adoption for anyone to start signing their software artifacts. Join us to learn more.

⚡️ Enlightning - Kubernetes Networking

Let’s demystify Kubernetes Networking and Container Network Interfaces (CNIs) with Duffie Cooley and Whitne...

Next Video

⚡️ Enlightning - Keeping Secrets Secret: Secrets Store CSI Driver

Applications running on Kubernetes require access to sensitive information like passwords, SSH keys, and au...

⚡️ Enlightning - Ensuring Software Authenticity: Introduction to Notary Project

Previous

Next Video

Related content in this Stream

SOPS (Secrets OPerationS) is an editor of encrypted files and is a simple way to secure and manage sensitive assets. SOPS supports YAML, JSON, ENV, INI, and binary formats. By being able to integrate

OpenFGA is a flexible authorization engine built for developers and designed to make it easy for them to model their application permissions and add and integrate fine-grained authorization into their

The Open Policy Containers project provides a secure software supply chain for Open Policy Agent (OPA) policies, enabling a policy-as-code workflow for maintainers and consumers of policies to easily

Yahoo developed and open sourced a service authentication and role-based authorization system called Athenz to address the core zero trust principles. Yahoo uses Athenz to bootstrap their instances de

Network Service Mesh takes concepts from traditional L7 application service meshes and brings them down to L3 payloads, enabling your workloads to get the connectivity, security, and observability the

Confidential Containers allow users to run sensitive cloud native workloads in an untrusted cloud. We'll explore how this is possible and how you can use the project with your own workloads. Join h

Explore SPIFFE (Secure Production Identity Framework For Everyone), a CNCF project revolutionizing identity management in cloud-native systems. This session introduces you to SPIFFE’s approach to

As Kubernetes becomes the backbone of modern infrastructure, securing multi-tenant clusters becomes a top priority for platform engineering teams. In this lightboard session, we will delve into the

Keycloak is an open source Identity and Access Management (IAM) solution for modern applications and services. It is designed to secure applications with modern industry standards like OAuth2, OpenID

Hexa Policy Orchestration enables you to manage disparate access policy formats across cloud providers, IAM systems, networks, and data. Join host Whitney Lee and guest Gerry Gebel to learn more!

Security is something we all need, and something we would all love to forget about. 🙂 Kubescape is a CNCF project that helps to secure your clusters easily and quickly. It helps you validate the c

Many kinds of identity providers utilize different architectures and protocols existing in this world. The commonly-spread standard among cloud native applications (including Kubernetes) is now the Op

Now that we have learned so much about networking and service mesh solutions, let’s look at what Cilium can do. Cilium has an answer for each use case that folks adopt a service mesh for, as well as a

Istio is a Graduated CNCF Project that provides application networking for a distributed microservices architecture with built-in traffic engineering, observability, identity, policy, AAA, and encrypt

Service mesh is the future of application connectivity, offering immediate enhancements to your application traffic’s security, reliability, and observability. In this episode of ⚡️ Enlightning, disc

Linkerd is the first service mesh, and it is still - by far - the least stressful way to add security, reliability, and observability to any Kubernetes cluster. Using a mesh to add these critical func

Let’s demystify Kubernetes Networking and Container Network Interfaces (CNIs) with Duffie Cooley and Whitney Lee. We will discuss the Kubernetes networking model and how a CNI makes all the magic happ

Applications running on Kubernetes require access to sensitive information like passwords, SSH keys, and authentication tokens. But how do you configure your applications when the source of truth for

Cloud Custodian, a CNCF incubating project, allows you to use code to manage and automate the enforcement of policies for cloud cost optimization, security, compliance, and operations—all without hind

Secrets management poses a challenging question: how do you effectively create, rotate, and manage access, especially on a large scale? With External Secrets Operator (ESO), you can tap into existing