Are your Helm charts secure? Uncovering hidden supply chain threats
Helm charts streamline Kubernetes deployments, but they can also introduce security vulnerabilities. This practical workshop explores common threats, attack scenarios, and proven strategies for securing Helm charts through Cloudsmith's artifact management, maintaining supply chain integrity and regulatory compliance.
Misconfigured charts, unverified dependencies, and lax RBAC and privilege settings can lead to supply chain attacks in Kubernetes. If your business or open-source project relies on Helm charts, which is likely the case if you’re using Kubernetes, this session covers best practices and automation strategies to secure your containerised workloads, by:
- Verifying every asset: Validate public Helm charts, dependencies, and images from popular OSS projects before deployment.
- Automating compliance: Scan for vulnerabilities with Trivy and enforce OPA Gatekeeper security policies at runtime, in real time.
- Preventing supply chain attacks: Audit and manage Helm charts before distributing them through secure repositories.
- Accepting the manual overhead: Understand that most charts are insecure by default and require further security checks by your team.
Bonus: Participants will receive access to a hands-on, interactive Instruqt lab platform that analyzes actual insecure chart templates and demonstrates how to scan and detect these vulnerabilities with open-source tools, implement security standards, and properly validate Helm charts prior to production Kubernetes deployment.