Project Lightning Talk: Protect your Kubernetes Clusters with Ratify and Attestations - Yi Zha
Yi Zha
KubeCon + CloudNativeCon Europe 2025 · Project Lightning Talk
In the rapidly evolving landscape of cloud-native development, securing the software supply chain has become a paramount concern. Yi Zha, a maintainer of the Notary Project and now Ratify, delivered a concise yet insightful talk at KubeCon EU introducing **Ratify**, a sandbox project designed to safeguard the integrity and authenticity of artifacts deployed within Kubernetes clusters. The presentation highlighted Ratify's role as a pluggable verification engine that enforces security policies across the cloud-native supply chain by leveraging **attestations**.
AI review
This KubeCon talk by Yi Zha introduces Ratify, a crucial open-source project designed to harden Kubernetes supply chain security. It moves beyond basic image signatures, emphasizing the verification of critical associated artifacts like SBOMs and vulnerability reports via attestations. The presentation details Ratify's pluggable architecture, its integration with OPA/Gatekeeper for policy enforcement, and its support for various signing mechanisms and OCI artifacts. While not a live exploit demo, it provides a clear, technically sound overview of a significant defensive innovation for…