[$] Securing the container image supply chain

"Security is hard" is a tautology, especially in the fast-moving worldof container orchestration. We have previously covered various aspects ofLinux containersecurity through, for example, the Clear Containers implementationor the broader question of Kubernetes andsecurity, but those are mostly concerned with container isolation; they do not address thequestion of trusting a container's contents. What is a container running?Who built it and when? Even assuming we have good programmers and solidisolation layers, propagating that good code around a Kubernetes clusterand making strong assertions on the integrity of that supply chain is farfrom trivial. The 2018 KubeCon+ CloudNativeCon Europe event featured some projects that couldeventually solve that problem.