Securing our software supply chains is something we really need to tackle, and make as simple as possible.
When we work to secure our software supply chain, there are many aspects we must consider. One of the key aspects is how to attest that a specific image has passed through our supply chain, that it is indeed the image we think it is, and that it has not been tampered with since it was built.
We must also consider how to validate images built externally, and how to ensure they do not contain hidden malware that a simple image scan may not catch.
In this demo we discuss and demonstrate how we can achieve these goals using cosign and Prisma Cloud's sandboxing technology.
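The signing and verification half of this, as an added example that is not part of the original demo's code: a small POSIX shell helper that pins an image reference to its digest, signs and attests that digest with cosign, and refuses to verify anything that is not digest-pinned (a signature on a mutable tag proves nothing about what the tag points to later). It assumes cosign v2 and crane are installed, that `cosign.key` / `cosign.pub` came from `cosign generate-key-pair`, and the image names, the `pipeline.json` predicate file and the `IMAGE` environment variable are hypothetical.

```shell
#!/bin/sh
# Added example, not the demo's own code. Assumes cosign v2 and crane on PATH
# and a key pair from `cosign generate-key-pair` (cosign.key / cosign.pub).
set -eu

# Return 0 only if the reference is pinned to a well-formed sha256 digest.
is_digest_pinned() {
  case "$1" in
    *@sha256:*) ;;
    *) return 1 ;;
  esac
  digest="${1##*@sha256:}"
  if [ "${#digest}" -ne 64 ]; then return 1; fi
  # delete every hex character; anything left over means a malformed digest
  if [ -n "$(printf '%s' "$digest" | tr -d '0-9a-f')" ]; then return 1; fi
  return 0
}

# Drop a :tag from a reference without mangling a registry port (host:5000/repo).
strip_tag() {
  case "${1##*/}" in
    *:*) printf '%s\n' "${1%:*}" ;;
    *)   printf '%s\n' "$1" ;;
  esac
}

# Resolve a tag to repo@sha256:... via the registry; digest refs pass through.
pin_to_digest() {
  ref="$1"
  if is_digest_pinned "$ref"; then
    printf '%s\n' "$ref"
    return 0
  fi
  printf '%s@%s\n' "$(strip_tag "$ref")" "$(crane digest "$ref")"
}

# Sign the digest and attach a (hypothetical) pipeline attestation to it.
# Both artifacts are stored in the registry next to the image.
sign_image() {
  cosign sign --yes --key cosign.key "$1"
  cosign attest --yes --key cosign.key --type custom \
    --predicate pipeline.json "$1"
}

# Verify signature and attestation; refuse unpinned references outright.
verify_image() {
  if ! is_digest_pinned "$1"; then
    echo "refusing to verify unpinned reference: $1" >&2
    return 1
  fi
  cosign verify --key cosign.pub "$1"
  cosign verify-attestation --key cosign.pub --type custom "$1"
}

# Usage: IMAGE=registry.example.com/app:v1 sh supply-chain.sh
if [ -n "${IMAGE:-}" ]; then
  pinned="$(pin_to_digest "$IMAGE")"
  sign_image "$pinned"
  verify_image "$pinned"
  echo "deployable reference: $pinned"
fi
```

The point of `verify_image` rejecting tags is that the deploy step only ever sees the `repo@sha256:...` form; re-tagging `v1` to a different image cannot satisfy the check, because the digest that was signed is the digest that is verified.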