Securing Kubernetes release artifacts and workload integrity

Attacks on enterprise software build systems have demonstrated the need to protect the integrity of software solutions from coding through to production operations. This can be done by employing secure software supply chain concepts and components. Policies and software supply chain artifacts provide centralized control over risk mitigation, and the knowledge graph provides increased risk assessment insights across the entire software supply chain.

A software supply chain typically refers to all the components and processes required to successfully build, distribute, and deploy a product. This is made up of everything from the source code, to the code repos and artifact registries, to the build servers, and to the deployment and operating systems/tools.

Protecting the Kubernetes software supply chain

Attacks against the supply chain come in a variety of forms, from a direct attack on a company's software build system to the compromise of a third-party dependency. In an infamous attack, hackers infiltrated SolarWinds' build system Untangling Disinformation to inject malicious code into their widely used enterprise management products, enabling severe attacks against SolarWinds' customers. In an attack against Log4j, the ubiquitous open-source Java logging framework, malicious code was added to the Log4Shell tool. This enabled attacks against Log4j users, leading to exfiltrated data, injection of malicious content, and/or takeover of targeted systems.

There is an urgent need to mitigate these risks across the software supply chain by improving security controls. This has been widely acknowledged by authoritative organizations. For example:

Creating a secure software supply chain for AKS workloads

The following pages discuss a proven secure software supply chain solution for AKS workloads:

For more information