The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon Europe 2025 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.
Please note: This schedule is automatically displayed in British Summer Time (BST) (UTC +1). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change and session seating is available on a first-come, first-served basis.
Attestations consist of authenticated statements about a software artifact or a collection of artifacts, as defined by the SLSA attestation. Examples include signed provenance files or signed SBOM files for container images. Attestations are vital for ensuring the integrity and trustworthiness of the software supply chain for container images.
Ratify, a CNCF sandbox project, provides a comprehensive framework for verifying artifact security metadata, such as signatures and attestations, to ensure artifacts are trustworthy and compliant before they are used.
In this lightning talk, Yi Zha will give an overview of the Ratify project and attestations, and a demo showcasing using Ratify for securing K8s deployments through attestation verification. Attendees will gain valuable insights into improving their Kubernetes security posture by leveraging Ratify's capabilities.
