"Cloud Native SecurityCon Feb 2023 final.pdf" was shared by a member and can be read online. For more material related to "Cloud Native SecurityCon Feb 2023 final.pdf" (8 pages), search on 三个皮匠报告.
A secure software supply chain for OPA policies
Omri Gazitt (omrig, 1, 2023

OPA policies are important artifacts that need to be secured

Use cases
    K8s admission control (gatekeeper)
    Configuration policy (conftest)
    General decision engine (opa)
    App/API authz (topaz)

Requirements
    Standard image format
    Build/tag/push/pull
    Metadata
    Integrity/signing

LF/CNCF projects
    Open Container Initiative
    Open Policy Containers
    OCI annotations
    Sigstore

policy: a docker-style workflow for OPA policies
https:/

policy images, verify signatures
https:/

a policy image
$ opa run -c ./opa-config.yaml
Docs: https:/

a policy image
Docs: https:/topaz.sh
https:/

me!
Omri Gazitt (omrig, Slack: here: