Supply Chain Fundamentals: SBOM, CI/CD, and Registries

by Alexis Kinsella · 17 min read

You lock down RBAC, harden nodes, enforce network policies. But do you actually know what's inside the container images running in your cluster? Which libraries shipped in that base image? Which build system produced the artifact? Whether someone tampered with the binary between the CI job and the registry?

That's what supply chain security addresses. The CKS exam dedicates 20% of its weight to this domain, and this lesson covers the foundational competency: understanding your own supply chain. You need to know what an SBOM is and what it records, how CI/CD pipelines produce artifacts and attest to how they were built, and how registries and admission policies control what is allowed into your cluster. The next lessons in this module cover signing and verification with Cosign, then static analysis with Trivy and KubeLinter.
