Signed, Sealed, Delivered - Sign and Verify All the Things - Jeremy Rickard, Microsoft

Jeremy Rickard, Microsoft

KubeCon + CloudNativeCon Europe 2025 · Session

In the rapidly evolving landscape of cloud-native development, securing the software supply chain has become a paramount concern. Jeremy Rickard, a Principal Software Engineer at Microsoft Azure and co-chair of SIG Release in the Kubernetes project, delivered a compelling talk at KubeCon EU addressing this challenge. His presentation, "Signed, Sealed, Delivered - Sign and Verify All the Things," delved into the critical importance of signing and verifying **OCI artifacts** to ensure the authenticity and integrity of resources deployed within Kubernetes environments.

AI review

Dr. Rickard delivered a no-nonsense, technically robust blueprint for securing the cloud-native software supply chain. He cut through the usual buzzword-laden solutions to demonstrate a practical, end-to-end framework using exclusively mature CNCF projects. By focusing on mirroring, scanning, cryptographic signing via Notation, and strict deployment-time verification for all OCI artifacts with Kyverno and Flux, this talk provided an actionable, open-source-driven path for organizations to take control of their dependencies and drastically reduce the attack surface. It moved beyond…
