Strengthening Container Security: A Collaborative Journey
Beltran Rueda, Sr Eng Manager, VMWare Tanzu/Broadcom
Yi Zha, Senior Product Manager, Microsoft

About us

Yi Zha
- Sr Product Manager at Microsoft
- Maintainer at CNCF project Notary Project
- Cloud Native Supply Chain Security and Ecosystem

Beltran Rueda
- Sr Engineering Manager at VMware Tanzu (Broadcom)
- +16 years as part of the Bitnami project
- Secure Software Supply Chain, Continuous Delivery, Kubernetes native solutions

Agenda
- Background
- How Bitnami solves the problems?
- Notary Project
- Authenticity and Integrity
- OCI specification
- Storage and Distribution
- Demo
- Takeaways
- Q&A

Background

Your modern application architecture (diagram labels: Webserver, App, Cache, Database, Logs, Environment)

Questions
1. How can I ensure images are from trusted identities?
2. How can I ensure images are not modified since built?
3. How can I ensure images are distributed securely across registries, even in multi-clouds environment?

How Bitnami solves the problems?

Language Runtimes, App Components, Supporting Apps
Containers, Helm Charts, Virtual Machines
Redis
Trusted catalog of +240 OS applications in multiple formats, all of them built, tested & up-to-date

How Bitnami solves the problems?

- Build: Build the Application from source
- Scan: Generate SBOM, CVE Scan, Anti-Virus Scan, VEX documents
- Test: Multiple Kubernetes versions and distributions
- Sign: Applications and Metadata, Attestation
- Publish: Signed Containers, Helm Charts and Metadata delivered to customers private OCI-compliant Registry
- Package: Custom base images, Custom configs

You choose the applications needed for your private catalog. We build, test and deliver them, and we keep them up to date

Signed artifacts at Bitnami and Tanzu Application Catalog

Bitnami
- Container images signed with Notation
- Up-to-date and available in DockerHub

Tanzu Application Catalog (TAC)
Sig