Speaker about security regarding production workloads, we often see the CI/CD and the platform itself. While they are good start in making production workloads secure, we tend to forget other existing mechanisms like image signature. Kubernetes project has announced sigstore usage to sign each and every component. How to leverage this mechanism for our own application images? what are their key features ? are there any alternatives? is it complex to use? let's find out all together :) through this talk let's discover how to strengthen image security using sigstore and also learn how to leverage other existing mechanisms.