Procedural

How to Set Up an Instance of Rekor Locally
Create your own instance of the Rekor transparency log
How to Sign an SBOM with Cosign
Signing software bills of materials with Cosign
Disallowing Non-Default Capabilities
Using Policy Controller to prevent running pods with extra capabilities
Disallowing Privileged Pods
Using Policy Controller to prevent running privileged pods
Disallowing Run as Root User
Using Policy Controller to prevent running pods as root
Maximum Container Image Age
Maximum container image age with Policy Controller
Disallowing Unsafe sysctls
Use Policy Controller to limit pods to safe sysctls