Upgrade to Pro — share decks privately, control downloads, hide ads and more …

What's in your Container? Securing the Software...

Avatar for Adrian Kosmaczewski Adrian Kosmaczewski
February 17, 2026
Technology
0
2

What's in your Container? Securing the Software Supply Chain without Slowing Down

How do we secure massive, complex supply chains without slowing your developers down to a crawl? This talk provides a simple preview to Red Hat's Trusted Software Supply Chain, based on three pillars: Transparency through the Trusted Profile Analyzer; Identity, thanks to the Trusted Artifact Signer; and Guardrails, with the Advanced Cluster Security for Kubernetes.

Talk presented at the 2026 Red Hat Summit Connect Switzerland event in January 14th, 2026.

Video available: https://www.youtube.com/watch?v=IjO95cHLzNY

Avatar for Adrian Kosmaczewski

Adrian Kosmaczewski

February 17, 2026
Tweet

More Decks by Adrian Kosmaczewski

See All by Adrian Kosmaczewski
Managing Fleets of Kubernetes Clusters with GitOps
Avatar for Adrian Kosmaczewski akosma
4
280
DevOps in Switzerland from 2018 to 2022
Avatar for Adrian Kosmaczewski akosma
4
350
APPUiO Cloud
Avatar for Adrian Kosmaczewski akosma
2
770
Introduction to K8up
Avatar for Adrian Kosmaczewski akosma
0
420
Creating Products through DevOps: The Story of VSHN
Avatar for Adrian Kosmaczewski akosma
0
280
Everyday Life of an Open-Source Company: The Story of VSHN
Avatar for Adrian Kosmaczewski akosma
0
360
Creating a Product through DevOps: The Story of APPUiO Cloud
Avatar for Adrian Kosmaczewski akosma
0
740
Migrating the GitLab–Kubernetes Integration from Certificates to the Agent
Avatar for Adrian Kosmaczewski akosma
0
580
APPUiO Cloud: Making of a Swiss PaaS
Avatar for Adrian Kosmaczewski akosma
0
280

Other Decks in Technology

See All in Technology
横断SREがSRE社内留学制度 / Enablingになぜ踏み切ったのか
Avatar for adachi.ryo rvirus0817
0
180
配列に見る bash と zsh の違い
Avatar for kazzpapa3 kazzpapa3
3
190
pool.ntp.orgに ⾃宅サーバーで 参加してみたら...
Avatar for Fuminori -Tany- Tanizaki(谷崎文義) tanyorg
1
2.4k
(技術的には)社内システムもOKなブラウザエージェントを作ってみた!
Avatar for Har1101 har1101
0
430
マネージャー視点で考えるプロダクトエンジニアの評価 / Evaluating Product Engineers from a Manager's Perspective
Avatar for hiro-torii hiro_torii
0
250
20260204_Midosuji_Tech
Avatar for Takuya Yonezawa takuyay0ne
1
170
生成AIで始める業務改革 - 製造業編 in 福島 -
Avatar for Daiki Kanemitsu daikikanemitsu
2
470
OpenShiftでllm-dを動かそう!
Avatar for jpishikawa jpishikawa
0
190
意外と知ってそうでしらない、Reserved Instances の世界
Avatar for Yuji Masaoka | まっぴぃ mappie_kochi
0
100
モダンUIでフルサーバーレスなAIエージェントをAmplifyとCDKでサクッとデプロイしよう
Avatar for みのるん minorun365
5
260
OCI Database Management サービス詳細
Avatar for oracle4engineer oracle4engineer
PRO
1
7.4k
ランサムウェア対策としてのpnpm導入のススメ
Avatar for Satoru Ishikawa ishikawa_satoru
0
290

Featured

See All Featured
The AI Revolution Will Not Be Monopolized: How open-source beats economies of scale, even for LLMs
Avatar for Ines Montani inesmontani
PRO
3
3.1k
Keith and Marios Guide to Fast Websites
Avatar for Keith Pitt keithpitt
413
23k
Beyond borders and beyond the search box: How to win the global "messy middle" with AI-driven SEO
Avatar for David Carrasco davidcarrasco
1
58
Designing Powerful Visuals for Engaging Learning
Avatar for Mike Taylor tmiket
0
240
Organizational Design Perspectives: An Ontology of Organizational Design Elements
Avatar for Dr. Kim W Petersen kimpetersen
PRO
1
490
A better future with KSS
Avatar for Kyle Neath kneath
240
18k
Speed Design
Avatar for Sergey Chernyshev sergeychernyshev
33
1.5k
First, design no harm
Avatar for Per Axbom axbom
PRO
2
1.1k
Kristin Tynski - Automating Marketing Tasks With AI
Avatar for Tech SEO Connect techseoconnect
PRO
0
160
GraphQLとの向き合い方2022年版
Avatar for Yosuke Kurami quramy
50
14k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
Avatar for Irina Nazarova irinanazarova
9
1.2k
Making the Leap to Tech Lead
Avatar for Ryan Cromwell cromwellryan
135
9.7k

Transcript

  1. Securing the Software Supply Chain without Slowing Down What’s in

    your Container? Adrian Kosmaczewski Senior Architect Red Hat

  2. Adrian Kosmaczewski Senior Architect Red Hat

  3. Act 1 The "Black Box" Problem

  4. 4

  5. 5

  6. Software is assembled, not written

  7. https://static.carahsoft.com/concrete/files/1617/1597/8665/2024_Open_Source_Security_and_Risk_Analysis_Report_WRAPPED.pdf

  8. Speed

  9. “Typosquatting” “requessts”

  10. None
  11. None

  12. Do you know what is running in your infrastructure?

  13. We need the digital equivalent of a nutrition label

  14. Act 2 The Three Pillars

  15. 15

  16. Transparency, Identity, and Guardrails

  17. 1. Transparency

  18. SBOM

  19. (Software Bill of Materials)

  20. https://github.com/anchore/syft

  21. https://developers.redhat.com/products/trusted-profile-analyzer

  22. 22 https://github.com/CycloneDX/bom-examples/blob/master/SBOM/keycloak-10.0.2/bom.json

  23. 2. Identity

  24. None
  25. None

  26. 26 https://www.sigstore.dev/

  27. https://developers.redhat.com/products/trusted-artifact-signer

  28. None
  29. None

  30. 3. Guardrails

  31. None

  32. https://www.redhat.com/en/technologies/cloud-computing/openshift/advanced-cluster-security-kubernetes

  33. Container built on developer laptop?

  34. None

  35. Container signed with the key of another department?

  36. None

  37. Container image built and signed by the trusted application pipeline?

  38. None

  39. Fundamental Shift on our Security

  40. 40

  41. 41

  42. Act 3 The Architecture of the Factory Floor

  43. 43

  44. 44

  45. 45

  46. 46

  47. 47 $ podman build -t quay.io/developer/some-image . $ podman push

    quay.io/developer/some-image $ oc new-app quay.io/developer/some-image

  48. Conclusion

  49. Trust.

  50. Security ≠ “Department of No”

  51. Trusted Software Supply Chain

  52. 52

  53. Secure way == Easiest way

  54. Sovereignty

  55. None

  56. linkedin.com/company/red-hat youtube.com/user/RedHatVideos facebook.com/redhatinc twitter.com/RedHat Thank you