Securing Container Supply Chain in CI/CD with Notary Project, ORAS and Harbor - Yan Wang, Yi Zha
Securing Container Supply Chain in CI/CD with Notary Project, ORAS and Harbor - Yan Wang, VMware; Yi Zha, Microsoft
Container images have become a common way to create and deploy containerized workloads that run consistently across different environments and infrastructures. However, ensuring the security and integrity of container images and OCI artifacts is a critical challenge in today's fast-paced software development environment.
Users often ask how they can deploy only trusted, vulnerability-free, and policy-compliant container images to production, and how they can ensure that OCI artifacts originate from their own organization and have not been tampered with before being deployed to production.
This talk will focus on addressing these concerns by demonstrating how open-source technologies like Harbor, Notary Project, and ORAS can be integrated into a CI/CD pipeline to provide robust security and ensure the integrity of container images and their associated supply chain artifacts.
CNCF (Cloud Native Computing Foundation) was founded in December 2015 as a non-profit organization under the Linux Foundation.
CNCF is dedicated to fostering and sustaining a vendor-neutral open-source ecosystem to promote cloud native technology. We democratize state-of-the-art patterns to make these innovations accessible to everyone. Please follow the CNCF WeChat official account.