SOSS Community Day Europe 2024

In today's rapidly evolving tech landscape, ensuring that container images comply with organizational policies is paramount for maintaining security. Join us for an insightful session on leveraging the open-source Enterprise Contract ecosystem to enforce these policies effectively within your organization. In this session, we will delve into how Enterprise Contract utilizes Sigstore signatures, in-toto attestations, and other tamper-proof sources to enforce organization policies. Although Enterprise Contract is a CI agnostic tool, we will focus on the Tekton ecosystem. Key points covered will include: 1. The critical role of ensuring container images meet organizational policies. 2. How Enterprise Contract enforces policies using secure and tamper-proof sources. 3. Configuring policies to validate specific Tekton Tasks, like code scanners, have been executed during the container image build process. This session is designed for attendees already familiar with the Sigstore community project, though true beginners are also encouraged to join. By the end of this session, participants will understand how to go beyond simple signature checks to validate their container images.