Name: Beyond the Signature: Building ProvaValidator to Understand Container Trust
Start: 2026-04-28T18:00:00+01:00
End: 2026-04-28T20:00:00+01:00
Location: bjss Nottingham

**Talk;**

* This talk follows the journey of building ProvaValidator([https://github.com/KiptoonKipkurui/provavalidator](https://github.com/KiptoonKipkurui/provavalidator)), a container image security tool created to answer a practical question: can we actually trust the images we run? What began as a provenance validator evolved into a broader research platform for verifying signatures and attestations, generating SBOMs, scanning vulnerabilities, detecting image drift, and comparing image trust signals across major registries.
* Using real-world research data, the talk explores how container trust works in practice, where it breaks down, and what separates a signed image from a truly policy-ready one. It also covers the engineering lessons learned while building the tool, including support for Cosign and Notation, registry access challenges, scaling analysis across many images, and the operational realities of turning supply-chain security ideas into working software.

* **Agenda**;
18:00; Doors Open
18:30; Speaker delivers talk
19:15; Pizza and catch up
20:00; Doors close

Location; Fothergill House, 16 King St, Nottingham NG1 2AS

Mica Bell

DevOps Notts

Technology

Linux

Agile Testing

Software QA and Testing

DevOps

Agile Coaching

Agile and Scrum

Agile Leadership

Agile Transformation

Test Automation

DevOps Automation

Microsoft Azure

Daniel is a software engineer with 7+ years of experience building scalable backend systems across fintech, analytics, and developer tooling. He has contributed to Kubernetes-focused open source infrastructure and has a particular interest in software supply chain security and reliable distributed systems.

DevOps Notts

Beyond the Signature: Building ProvaValidator to Understand Container Trust

DevOps Notts

Details

Related topics

You may also like