Notary v2: Redesigning the Secure Supply Chain for Containers

Justin Cormack, Omar Paul, Steve Lasker at KubeCon + CloudNativeCon North America 2020

The Notary v2 project was launched at KubeCon North America in 2019 as a joint community effort to resolve issues with the first-generation Notary, which was launched five years ago. Since then we have learned a lot about how containers are used in practice and about the security requirements, and Notary v2 builds on that experience from the whole community. The protocols are OCI registry native and designed to improve the supply chain security of the whole container ecosystem. This talk gives an overview of the progress and the problems being solved, then a deep dive into the state of the specification and implementations. We also cover current open issues and the road to production.