Securing Container Images and Binaries with Cosign and Sigstore
AppSecEngineer
Supply chain security is a critical concern for any organization today. With ecosystem attacks and adversaries targeting supply chains, there is a desperate need to secure them. This is especially true of containers. Cloud-native tech has burst onto the scene, and containers are a preferred deployment model on the cloud. From FaaS to Kubernetes, containers are ubiquitous. However, securing them from supply chain attacks has thus far been a problem. Cosign, an open source project, presents a powerful approach to securing containers against supply chain compromises. In this live-code session, Abhay explores Cosign for containers and binaries.

Chapters:
0:00 Overview
02:56 Why use Cosign?
04:22 Supply chain attack components
09:50 Why Cosign is effective?
11:00 Live code with Cosign
#supplychainsecurity #appsec #livecode #containersecurity ... https://www.youtube.com/watch?v=GzcidLyIZ_4