Personal Updates • OCI v1.1 (Referrers API) • Docker BuildKit • Kubernetes and Cloud Security Associate (KCSA) • KCD Pakistan • ko • ContainerPlumbing Day • CDF Ambassador 2023 • SLSA 3 Container Generator
🇵🇰 First Kubernetes Community Days event experience with KCD Pakistan
We, together with Furkan Türkal, attended the first-ever KCD Pakistan! It was a unique experience for us to be part of one of the Kubernetes Community Days events. You can check out our talk about creating a secure base image with apko using Wolfi OS packages, using it with ko to build OCI-compliant container images, signing them with cosign in keyless mode, and verifying them with Kyverno!
🌟 Become a CDF Ambassador in 2023!
A while ago, the CD Foundation team published a new blog post to announce that the CDF Ambassador Program is now officially open!
Becoming a CDF Ambassador was one of my goals in 2023! So, I'm super excited to announce that I've applied for it; fingers crossed 🤞
Do not forget to send your applications if you are willing to become one 🙉
💀 Deadline is 28 February, so hurry up; 7 days left!
📦 OCI v1.1 (Referrers API)
The Referrers API is one of the newest changes merged into the upstream OCI repository, developed by the OCI Reference Types WG. Its primary goal is to make it easier to map software supply chain artifacts such as signatures, attestations, and SBOMs to OCI images, because there are different ways of doing that today. For example, cosign uses container image tags to store them and associate them with the images, whereas BuildKit uses layers to store them and annotations to define their types. Undoubtedly, there should be a standard way to provide this mapping between artifacts and images, and this is where the Referrers API comes in handy.
Let’s be ready for the future of the OCI 🙉
Start by learning what these Reference Types are from the blog post written by Josh Dolitsky.
Brandon Mitchell will become one of your good friends if you want to learn more about the Referrers API; here is an excellent presentation made by him:
Another incredible talk was presented at KubeCon 22 NA by Josh Dolitsky & Sajay Antony about how they solved a complex problem of determining how to describe and query relationships between objects stored in an OCI registry. You can find the demo of the talk here on GitHub.
Finally, OCI v1.1 support came to cosign, and the Sigstore team has achieved a significant milestone!
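To make the difference between the tag-based scheme and the Referrers API concrete, here is an added example (not code from this post, cosign, or the OCI projects). The repository name `example/app`, the `vnd.example.*` artifact types, and all digests are constructed for illustration.

```python
import json
from urllib.parse import quote

SUBJECT = "sha256:" + "a" * 64  # constructed image digest
# Constructed referrers response (an OCI image index); the digests and the
# vnd.example.* artifact types are made up for illustration.
SAMPLE_RESPONSE = json.dumps({
    "schemaVersion": 2,
    "mediaType": "application/vnd.oci.image.index.v1+json",
    "manifests": [
        {"mediaType": "application/vnd.oci.image.manifest.v1+json",
         "digest": "sha256:" + "b" * 64, "size": 1234,
         "artifactType": "application/vnd.example.signature.v1"},
        {"mediaType": "application/vnd.oci.image.manifest.v1+json",
         "digest": "sha256:" + "c" * 64, "size": 5678,
         "artifactType": "application/vnd.example.sbom.v1"},
    ],
})

def split_digest(digest):
    """Validate a sha256 digest so it is safe to place in a tag or URL path."""
    alg, _, hexpart = digest.partition(":")
    if alg != "sha256" or len(hexpart) != 64 or set(hexpart) - set("0123456789abcdef"):
        raise ValueError(f"not a sha256 digest: {digest!r}")
    return alg, hexpart

def cosign_tags(digest):
    """Tag scheme: cosign derives one tag per artifact kind from the image digest."""
    alg, hexpart = split_digest(digest)
    return {kind: f"{alg}-{hexpart}.{kind}" for kind in ("sig", "att", "sbom")}

def referrers_path(repo, digest, artifact_type=None):
    """OCI v1.1: one endpoint lists every manifest whose subject is this digest."""
    split_digest(digest)
    path = f"/v2/{repo}/referrers/{digest}"
    if artifact_type:
        path += "?artifactType=" + quote(artifact_type, safe="")
    return path

def select_referrers(body, artifact_type=None):
    """Parse a referrers response; filter client-side because registry-side
    filtering by artifactType is optional."""
    manifests = json.loads(body).get("manifests")
    if not isinstance(manifests, list):
        raise ValueError("referrers response must be an image index with manifests")
    return [m["digest"] for m in manifests
            if artifact_type is None or m.get("artifactType") == artifact_type]

if __name__ == "__main__":
    print(cosign_tags(SUBJECT)["sig"])
    print(referrers_path("example/app", SUBJECT, "application/vnd.example.sbom.v1"))
    print(select_referrers(SAMPLE_RESPONSE, "application/vnd.example.sbom.v1"))
```

With the tag scheme, a verifier has to know each tool's naming convention in advance; with the Referrers API, it asks the registry once and selects by `artifactType`.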
🐳 New blog posts about the newest BuildKit features are continuing!
Undoubtedly, BuildKit v0.11 is one of the most important releases in its history because it includes many supply chain security features, such as generating both SLSA provenance and a Software Bill Of Materials, SBOM for short.
Here is a quick takeaway from Felipe Cruz 🏃‍♂️💨
➡️ First impressions and learnings on the new BuildKit's supply chain security features
To better understand Docker’s vision of Software Supply Chain Security, you should read the article from Justin Cormack about the best practices of software supply chain security published on the Docker Blog 🧵
➡️ Secure Software Supply Chain Best Practices
📢🥁CNCF announced the new Kubernetes and Cloud Security Associate (KCSA) certification in Q3 2023!
What excellent news for Kubernetes security enthusiasts 🥳
I'm very excited about this new certification exam KCSA because one of today's most critical types of attacks is a software supply chain attack; hopefully, there will be many related questions.
I've already signed up for the KCSA Beta Tester program because this is a perfect opportunity to collaborate with other security folx to design the program's future. Thanks to the Linux Foundation and Chris Aniszczyk for creating such an excellent exam to help the community increase awareness about Kubernetes and Cloud Native Security.
🎊 SLSA 3 Container Generator for GitHub Actions is now GA
SLSA 3 Container Generator for GitHub Actions is also GA after the Generic Generator. You can use them to generate provenances for your containers in CI running on GitHub Actions.


📢🥁Registration for #ContainerPlumbing is now open!
Check out the schedule, and do not forget to register on March 23. ☝️
#ebpf #oci #immutable #containerruntimes #wasm #wasi #nerdctl #referrersapi
➡️ https://containerplumbing.org/schedule
📢🥁A new blog post about ko!
A new blog post about #ko, which is a fast container image builder for #golang applications, just dropped, thanks to Vladimir Vivien 🕺🏻
➡️ Build and Publish Lightweight Go Binaries into Container Images with ko