Speaker(s): Mark Bestavros
---
Modern organizations are subject to ever-increasing expectations for security and regulatory compliance in their software supply chains. How can appropriate checks be performed simply and easily?
In this talk, Mark will discuss how Enterprise Contract (or EC) works as a simple decision engine that enforces the provenance, regulatory compliance, and security requirements imposed on container images. Users express their requirements as a policy configuration, and EC enforces it: it can verify image signatures, check that attestations were signed with the expected public key, flag known CVEs, and more, with each requirement encoded in a straightforward way. EC leverages the Open Policy Agent's widely used Rego rule language to provide an extensible interface for evaluating container attributes, allowing enterprises to standardize their supply chain security expectations more easily.
Additionally, Mark will discuss and show the process for building an image, verifying it using EC, and customizing the enforced policies with a live demo.
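As an added example (not code from the talk or from the Enterprise Contract project), the following Rego policy shows the style of rule set the abstract describes: two release-gating rules over attestation data plus constructed inputs that exercise them. The input document shape (`input.image.ref`, `input.attestations[].predicateType`, `input.attestations[].predicate`), the trusted builder identity, the scanner result layout, and the severity threshold are assumptions made for illustration; EC's real policy input model should be consulted before reusing any of it. Signature and public-key verification, which the abstract lists separately, happens before policy evaluation and is not modeled here.

```rego
# Added illustration, not a policy shipped with Enterprise Contract.
# The input shape (input.image.ref, input.attestations[].predicateType,
# input.attestations[].predicate), the builder identity and the scanner
# result layout below are assumptions for this example.
package example.release

import rego.v1

# Builder identities whose SLSA provenance we trust (assumed value).
allowed_builders := {"https://tekton.dev/chains/v2"}

# Vulnerability severities that block a release (assumed threshold).
blocking_severities := {"Critical", "High"}

# SLSA v0.2 provenance attestations produced by an allowed builder.
trusted_provenance contains att if {
    some att in input.attestations
    att.predicateType == "https://slsa.dev/provenance/v0.2"
    att.predicate.builder.id in allowed_builders
}

# Rule 1: the image must carry provenance from a builder we trust.
deny contains msg if {
    count(trusted_provenance) == 0
    msg := sprintf("%s: no SLSA provenance from an allowed builder", [input.image.ref])
}

# Rule 2: a vulnerability scan attestation must not report blocking findings.
# The scanner predicate layout (predicate.scanner.result[]) is assumed.
deny contains msg if {
    some att in input.attestations
    att.predicateType == "https://in-toto.io/attestation/vulns/v0.1"
    some vuln in att.predicate.scanner.result
    vuln.severity in blocking_severities
    msg := sprintf("%s: %s (%s) reported by scanner", [input.image.ref, vuln.id, vuln.severity])
}

# Constructed input for the tests below: trusted builder, only a Low finding.
good_input := {
    "image": {"ref": "registry.example/app:1.0"},
    "attestations": [
        {
            "predicateType": "https://slsa.dev/provenance/v0.2",
            "predicate": {"builder": {"id": "https://tekton.dev/chains/v2"}}
        },
        {
            "predicateType": "https://in-toto.io/attestation/vulns/v0.1",
            "predicate": {"scanner": {"result": [{"id": "CVE-0000-0001", "severity": "Low"}]}}
        }
    ]
}

# Run with: opa test policy.rego
test_trusted_image_passes if {
    count(deny) == 0 with input as good_input
}

# Same image, but the provenance names an unknown builder: rule 1 fires.
test_unknown_builder_denied if {
    bad := json.patch(good_input, [{
        "op": "replace",
        "path": "/attestations/0/predicate/builder/id",
        "value": "https://unknown.example/ci"
    }])
    "registry.example/app:1.0: no SLSA provenance from an allowed builder" in deny with input as bad
}

# Same image, but the scan reports a Critical finding: rule 2 fires.
test_critical_cve_denied if {
    bad := json.patch(good_input, [{
        "op": "replace",
        "path": "/attestations/1/predicate/scanner/result/0/severity",
        "value": "Critical"
    }])
    count(deny) == 1 with input as bad
}
```

For ad hoc evaluation against a captured attestation document, `opa eval -d policy.rego -i input.json 'data.example.release.deny'` prints the set of denial messages; an empty set means the image passes this policy. Because each requirement is a separate `deny` rule, customizing the enforced policy, as the demo describes, means adding, removing, or reparameterizing rules rather than changing the engine.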
---
Full schedule, including slides and other resources:
pretalx.com/de...