Session
Enforcing Vendor and Supply Chain Trust in Manufacturing with Policy-as-Code
Manufacturing platforms rarely run only first-party code. They depend on workloads delivered by vendors, system integrators, and third-party partners, each with different security standards and update cycles. Without clear enforcement, temporary vendor exceptions can quietly become permanent risk.
This session focuses on using policy-as-code to enforce supply chain and vendor trust boundaries inside Kubernetes. Using Kyverno, we show how teams can define and enforce approved registries, trusted image sources, mandatory vendor metadata, and time-bound exceptions without relying on manual reviews or tribal knowledge.
Rather than covering generic supply chain theory, the talk dives into concrete policy patterns used in manufacturing environments to safely onboard vendor workloads while maintaining control. Attendees will leave with practical examples of using Kubernetes-native policies to make vendor trust explicit, auditable, and enforceable by default.
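A sketch of two of the patterns named above, an approved-registry rule and a time-bound exception, written as Kyverno resources. This is an added illustration, not material from the session; the registry host, namespace names, the `tenancy` label and the 30-day window are assumptions.

```yaml
# Added illustration: registry host, namespaces and label keys are assumptions.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: vendor-approved-registries
spec:
  validationFailureAction: Enforce   # reject at admission rather than only report
  background: true                   # also report on Pods that already exist
  rules:
    - name: approved-registries
      match:
        any:
          - resources:
              kinds: [Pod]
              namespaceSelector:
                matchLabels:
                  tenancy: vendor    # hypothetical label on vendor namespaces
      validate:
        message: "Vendor images must come from registry.example.internal/vendors/."
        pattern:
          spec:
            =(initContainers):
              - image: "registry.example.internal/vendors/*"
            =(ephemeralContainers):
              - image: "registry.example.internal/vendors/*"
            containers:
              - image: "registry.example.internal/vendors/*"
---
# Exception for one vendor namespace. The TTL label lets Kyverno's cleanup
# controller delete it after 30 days, so the exemption cannot become permanent.
apiVersion: kyverno.io/v2            # older Kyverno releases serve v2beta1
kind: PolicyException
metadata:
  name: acme-legacy-registry
  namespace: platform-exceptions     # writable by the platform team only
  labels:
    cleanup.kyverno.io/ttl: 720h
spec:
  exceptions:
    - policyName: vendor-approved-registries
      ruleNames: [approved-registries]
  match:
    any:
      - resources:
          kinds: [Pod]
          namespaces: [vendor-acme]
```

This assumes PolicyExceptions are enabled in the Kyverno installation and that the cleanup controller has RBAC permission to delete PolicyException objects. Once the exception is removed, new Pods in `vendor-acme` are held to the registry rule again and background scans report any that still violate it.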