Talk
Virtual
Stop supply chain attacks before they reach your Kubernetes cluster
Most breaches start upstream in CI/CD, images, and dependencies, not in production. This talk shows how to block risky artifacts at the door using SBOMs, signing, provenance, and admission controls with open tooling.
This talk explains how attackers exploit the Kubernetes supply chain through compromised dependencies, poisoned images, and leaky CI runners. It maps real injection points to practical controls that teams can deploy in weeks, not quarters. The session covers how to generate SBOMs for visibility, sign artifacts and attach provenance for integrity, and verify both at admission time so unsafe workloads never reach the cluster. It also discusses how to reduce credential blast radius in CI and detect drift when a running workload no longer matches what was approved. Attendees will leave with an end-to-end supply chain checklist and default guardrails that work across clusters without vendor lock-in.