Authors: Justin Cormack, Toddy Mladenov
2023-04-21

tldr - powered by Generative AI

The presentation discusses the importance of standards in supply chain security and the ongoing efforts to incorporate transparency logs and metadata into software in the container ecosystem.
  • Verifying identity and large entities is important in supply chain actions
  • Working with the SKET project to build a transparency log and record identities and signatures
  • Incorporating additional metadata around supply chains, such as SBOMs and SPDX, to have more fine-grained controls
  • Proposing a new sub-project of Notary to directly store TUF repository metadata in the registry
  • Seeing Notary projects as a home for a set of standards around supply chain security
Authors: Justin Cormack
2022-10-27

This talk gives an overview of the status of the Notary project, and the Notary v2 work, and the context in the broader ecosystem. Supply chain security is becoming increasingly critical and its importance has been recognised, but the ecosystem of tools around this is confusing. So this talk will cover the context of the key ideas, including the TUF and in-toto projects and how they relate to the security outcomes people want to achieve.
Authors: Steve Lasker, Justin Cormack
2022-05-18

Notary v2 is a community project to solve the issues that the existing Notary project has that have hindered widespread adoption. The project is a community initiative with the main registry operators, including Docker, Microsoft and Amazon, as well as a broad community of other interested parties and end users. This talk will cover an overview of the project status and cover the open issues and current working areas for the project, around formats and standardisation, open security issues and future work.