Project Lightning Talk: Notary Project: Securing Binary Artifacts with Fine-grained Control - Yi Zha
Yi Zha
KubeCon + CloudNativeCon Europe 2025 · Project Lightning Talk
In an era marked by escalating cyberattacks targeting the software supply chain, ensuring the authenticity and integrity of digital artifacts has become paramount. This talk, delivered by Yi Zha, a maintainer of the Notary Project, provides an overview of the project's foundational capabilities and introduces a significant new feature: the ability to sign arbitrary blob files. The Notary Project offers a standards-based solution designed to help developers and organizations verify that the artifacts they consume originate from trusted sources and have not been tampered with since they were created.
AI review
This talk from a Notary Project maintainer outlines a crucial new capability: signing arbitrary blob files. This expands the project's utility beyond OCI images, addressing a significant blind spot in software supply chain security. The discussion of standards, workflow, and fine-grained trust policies provides valuable context and actionable insights for defenders. While a live demo would have elevated the presentation, the technical content is robust and highly impactful.