Search results for: in-toto


Unleashing in-toto: The API of DevSecOps

Posted on August 17, 2023 | By Aditya Sirish and Cole Kennedy

Guest post by Aditya Sirish, in-toto maintainer, and Cole Kennedy, member of the in-toto steering committee. The Integration Revolution: Being part of the DevOps world, you’re likely no stranger to the DevSecOps buzz — the strategy of embedding…


InfoQ: “Software Supply Chain Security Project in-toto Accepted into CNCF Incubator”

Posted on March 19, 2022

The CNCF Technical Oversight Committee (TOC) has accepted the in-toto project as a CNCF incubating project. The in-toto project aims to cryptographically protect the entire software build and delivery process – the “supply chain” – from malicious actors.


Supply chain security project in-toto moves to the CNCF Incubator

Posted on March 10, 2022

The CNCF Technical Oversight Committee (TOC) has voted to accept in-toto as a CNCF incubating project. in-toto is a framework that protects the software supply chain by collecting and verifying relevant data. It does so by enabling libraries…


Congratulations to 45 CNCF Term 1 2024 LFX Program mentees!

Posted on September 27, 2024

Mentorship blog by Nate Waddington, Head of Mentorship & Documentation at CNCF. We are thrilled to share that 45 CNCF mentees with the LFX Program have successfully completed their mentorship. Numerous CNCF projects across Graduated, Incubating, Sandbox projects,…


Artifact Hub becomes a CNCF incubating project

Posted on September 17, 2024

The CNCF Technical Oversight Committee (TOC) has voted to accept Artifact Hub as a CNCF incubating project. Artifact Hub is a web-based application that enables finding, installing, and publishing cloud native packages and configurations. Discovering useful cloud native…


Lessons from CrowdStrike’s buggy update: the critical importance of robust release processes

Posted on July 19, 2024

Community post by Andrés Vega, M42 and Technical Leader, CNCF TAG Security. Recent events involving CrowdStrike’s Falcon security software have underscored a critical lesson across the industry: the importance of having a robust, secure release process. Such incidents…


Mastering DevSecOps with Devtron: a strategic approach

Posted on June 20, 2024

Member post originally published on the Devtron blog by Nishant. As the adoption of Kubernetes continues to grow, organizations encounter numerous challenges in securing their software development and deployment processes. Integrating security practices into DevOps, known as DevSecOps,…


Policy-as-Code in the software supply chain

Posted on February 14, 2024 | By Marina Moore, Michael Lieberman, John Kjell, James Carnegie, and Luca Bandini

TAG post by members of TAG security including Marina Moore, Michael Lieberman, John Kjell, James Carnegie, and Luca Bandini. Reviewers: Emily Fox, Andrés Vega, Andrew McNamara, Andrew Block, Jon Zeolla, Andrew Martin. Introduction: Software supply chain policy describes…


OpenFeature becomes a CNCF incubating project

Posted on December 19, 2023

The CNCF Technical Oversight Committee (TOC) has voted to accept OpenFeature as a CNCF incubating project. OpenFeature is an open specification that offers a vendor-agnostic, community-driven API for feature flagging, compatible with various feature flag management tools. Feature…


Cloud Native Computing Foundation Continues to Drive Global Cloud Native Growth as 36 New Silver Members Join

Posted on October 18, 2023

Cloud native technology continues to make an impact across industries and geographies. SAN FRANCISCO, Calif. – October 18, 2023 – The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, announced today that 36…