Supply Chain Security
Modern infrastructures increasingly rely on automation and the integration of open source and third-party solutions. Alongside the enormous advantages this brings, the risk and prevalence of supply chain attacks are also growing. Supply chain attacks do not target the runtime system itself, but the sources of its components. This can be the internal build pipeline or an external vendor. Here, cyber criminals benefit from the limited influence over, and visibility into, their suppliers that target systems have.
Supply chain attacks increased fourfold in 2021
Supply Chain Security for Kubernetes
The open source tool Connaisseur is aimed at protecting the supply chain for Kubernetes clusters. Connaisseur acts as an admission controller that verifies signatures of container images before deployment to the cluster. As such, it intercepts resource creation or update requests sent to the Kubernetes cluster, identifies all container images and verifies their signatures against pre-configured public keys. Based on the result, it either accepts or denies those requests. Thus, Connaisseur ensures integrity as well as provenance of container images in a Kubernetes cluster.
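The admission flow described above, sketched as an added example that is not Connaisseur's own code: it pulls every image out of an AdmissionReview request and denies the request if any image fails verification. The names `SIGNED`, `extract_images`, `review` and `sample_request` are hypothetical, and the signature check is stood in for by a constructed lookup table rather than real public-key verification.

```python
# Added illustration; not Connaisseur's code. Standard library only.
# Constructed stand-in for trust data: image references assumed to carry a valid
# signature under a pre-configured public key. A real verifier would check the
# signature cryptographically instead of consulting a table.
SIGNED = {"registry.example/app@sha256:" + "a" * 64,
          "registry.example/init@sha256:" + "b" * 64}

# Where the pod spec lives inside each workload kind.
POD_SPEC_PATH = {"Pod": ["spec"],
                 "CronJob": ["spec", "jobTemplate", "spec", "template", "spec"]}
TEMPLATED = {"Deployment", "ReplicaSet", "DaemonSet", "StatefulSet", "Job"}

def extract_images(obj):
    """Return every container image referenced by a workload object."""
    kind = obj.get("kind")
    path = POD_SPEC_PATH.get(kind) or (
        ["spec", "template", "spec"] if kind in TEMPLATED else None)
    if path is None:
        return []  # not a workload kind, so it carries no images
    spec = obj
    for key in path:
        spec = spec.get(key) or {}
    images = []
    # Init and ephemeral containers run code too, so they are checked as well.
    for field in ("initContainers", "containers", "ephemeralContainers"):
        images += [c["image"] for c in spec.get(field) or [] if "image" in c]
    return images

def review(admission_review, is_signed=lambda image: image in SIGNED):
    """Build the AdmissionReview response: deny if any image is unverified."""
    req = admission_review["request"]
    unverified = [i for i in extract_images(req["object"]) if not is_signed(i)]
    response = {"uid": req["uid"], "allowed": not unverified}
    if unverified:
        response["status"] = {"code": 403,
                              "message": "unverified images: " + ", ".join(unverified)}
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "response": response}

def sample_request(kind, containers, init=()):
    """Constructed AdmissionReview request for a Pod or a Deployment."""
    pod_spec = {"containers": [{"name": f"c{n}", "image": i} for n, i in enumerate(containers)],
                "initContainers": [{"name": f"i{n}", "image": i} for n, i in enumerate(init)]}
    spec = pod_spec if kind == "Pod" else {"template": {"spec": pod_spec}}
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "request": {"uid": "constructed-uid-1", "operation": "CREATE",
                        "object": {"kind": kind, "spec": spec}}}
```

A single unsigned init container is enough to deny the whole request, which is why the extraction step has to cover every container list and every workload kind that embeds a pod template.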
Begin improving your Kubernetes Supply Chain in only a matter of minutes
Connaisseur is developed under three core values: Security, Usability, Compatibility. It supports different signature solutions and provides additional features to allow seamless and sustainable Kubernetes supply chain security tailored to modern development organizations. Connaisseur is aimed at advancing the overall community and we therefore encourage everyone to contribute via discussions, issues or direct pull requests. Getting started with Connaisseur is only a matter of minutes, so try it out!