Securing Software Supply Chains on Kubernetes Using Nirmata and Venafi

Securing software supply chains remains a top priority for DevOps teams. In a prior post, we discussed the A MAP framework for Kubernetes supply chain security. In this post, we will discuss how supply chain security can be implemented using Nirmata Policy Manager and Venafi CodeSign Protect.

With supply chain attacks on the rise, securing the software supply chain has become a requirement for DevOps teams building cloud-native applications on Kubernetes. Signing the container image is typically the very first step in securing software supply chains. The modern application development and deployment process is highly automated, with platforms like Kubernetes and GitHub at the heart of continuous integration (CI) and continuous delivery (CD) practices. Any additional steps required for signing and verifying container images need to be automated as well, so that software development agility can be maintained.

This article has been indexed from DZone Security Zone
