Yashvardhan Nanavati
I am a Principal Software Engineer at Red Hat and have been working in the industry for 8+ years. I am the technical lead of a team focused on building applications and tooling for the build-to-release pipeline. Nowadays, I am working with Go, Python, Rego, Tekton, ArgoCD and Kubernetes. I am currently contributing to Konflux, which is an open source development platform that helps you build secure artifacts.
Principal Software Engineer
Company or affiliation – Red Hat Inc
Session
In a world of increasing compliance requirements and heightened security expectations, FIPS (Federal Information Processing Standards) compliance is more than just a checkbox. But how do you ensure your artifacts truly meet FIPS standards?
This talk demystifies FIPS compliance for container images: what it covers and how compliance is validated. We’ll explore check-payload, a lightweight, open source CLI tool built to scan container images for FIPS compliance.
We will also demonstrate how we plugged this check into a secure CI/CD pipeline that leverages Tekton Chains. Attendees will walk away with a clear understanding of what FIPS compliance entails, and some practical tools and patterns to integrate FIPS checks in their CI/CD workflows.