Supply chain security is crucial for the platform engineering teams. In addition to security concerns, they need to provide seamless and efficient tools for their clients.

This session delves into the intersection of supply chain security and platform engineering by exploring GitOps, Sigstore, and OCI artifacts and registries. Attendees will learn how easy it is to store helm releases in an OCI registry, secure them with Cosign, and verify the signature with Flux with a well-designed demo.

Helm supports OCI registries since version 3.8.0. Flux can verify packages signed with Cosign. We will demonstrate using all these features with the Zot registry and showcase supply chain security.