Distributing Supply Chain Artifacts with OCI & ORAS Artifacts - Steve Lasker, Microsoft

less than 1 minute read

Abstract

In a world of continuous supply chain attacks, secure distribution matters more than ever. Your images are now signed, with systems bill of materials (SBOM) and frequent scan results. How will you consume them from public endpoints, promoting them across environments into private network environments where there’s no external access? ORAS Artifacts lifts OCI Artifacts to the next level by enabling graphs of artifact relationships to be established. When you archive or delete any given container image, the related artifacts are archived or deleted as well, providing predictable lifecycle management. ORAS Artifacts enable you to build upon the hardened, performant, securely distributed registries you’re already using. Come see how registries are evolving, enabling all your cloud-native artifacts to be distributed from the public registries to your private environments, wherever they may be.Click here to view captioning/translation in the MeetingPlay platform!

Sched URL

Video