Enlightning
Learn CNCF projects with Whitney and her lightboard ⚡️
Ensuring Software Authenticity: Introduction to Notary Project
Ensuring Software Authenticity: Introduction to Notary Project
Ensuring Software Authenticity: Introduction to Notary Project
Aug 31, 2023
In this episode
Software vendors use digital signatures to ensure authenticity and integrity of their distributed software. Cloud native workloads require support for signature delivery mechanisms, agility to address emerging needs, and hyper scalability to match application needs. In addition to consuming authentic third party and/or open source software, users also want to ensure the integrity and authenticity of software they develop to enhance software supply chain security. Cloud native workloads can benefit from a signing technology that allows customers to leverage their traditional signing infrastructure and is flexible for future innovations. Meet the Notary Project.
In this episode, we will see how Notary Project tooling can be used to sign software artifacts stored in OCI-compliant registries, distributed easily across OCI-compliant registries, and verified for any container deployment, even in air-gapped environments. We’ll talk about concepts like signing schema that enable trusting multiple entities both in-house and third-party; signature formats that enable a variety of cloud-native workloads, from container images, to WASM modules and IoT workloads; and plugins that enable integrations with 3rd party key management and cloud service providers. The tooling is enterprise-ready and allows easy adoption for anyone to start signing their software artifacts. Join us to learn more.
\(^-^)/
Guests
Milind Gokarn
Milind Gokarn is a maintainer of the Notary Project and a Senior Software Engineer at AWS. He is the lead developer on AWS Signer, a managed AWS service for code signing. He is passionate about using cryptography to reliably and scalably solve security problems while simplifying the developer experience. He has over 19 years of experience in software development, with experience in cloud computing, automotive, retail, and oil and gas sectors.
Toddy Mladenov
Toddy has over 25 years of experience in software engineering and design, consulting, and product management for companies like Microsoft, T-Mobile, and SAP. He started his cloud journey 13 years ago as part of the Azure team. Since then, Toddy worked on large-scale cloud implementations using Azure and AWS by utilizing cloud-native technologies. Now, he is part of Azure Containers Upstream team and is responsible for container supply chain security for Azure services and customers. He is also a maintainer of Notary Project.
Hosts
Whitney Lee
Whitney is a lovable goofball who enjoys understanding and using tools in the cloud native landscape. Creative and driven, Whitney recently pivoted from an art-related career to one in tech. She is a CNCF Ambassador and active in the open source community. You can catch her lightboard streaming show ⚡️ Enlightning on Tanzu.TV. And not only does she rock at tech - she literally has toured playing in the band Mutual Benefit on keyboards and vocals.