Scanning for FIPS: Building Confidence in Compliance from the Container Up
In a world of increasing compliance requirements and heightened security expectations, FIPS (Federal Information Processing Standards) compliance is more than just a checkbox. But how do you ensure your artifacts truly meet FIPS standards?
This talk demystifies FIPS compliance for container images: what it covers and how compliance is validated. We’ll explore check-payload, a lightweight, open-source CLI tool built to scan container images for FIPS compliance.
We will also demonstrate how we plugged this check into a secure CI/CD pipeline that leverages Tekton Chains. Attendees will walk away with a clear understanding of what FIPS compliance entails, along with practical tools and patterns for integrating FIPS checks into their CI/CD workflows.