Search results for: in-toto


ITOps Times: “CNCF announces graduation of in-toto security framework for software supply chain integrity”

Posted on April 25, 2025

The Cloud Native Computing Foundation (CNCF) today announced the graduation of in-toto, a software supply chain security framework developed at the NYU Tandon School of Engineering.


CNCF Announces Graduation of in-toto Security Framework, Enhancing Software Supply Chain Integrity Across Industries

Posted on April 23, 2025

NYU Tandon-developed software security framework achieves highest CNCF maturity level, combating rising software supply chain attacks SAN FRANCISCO, CA, April 23, 2025 – The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native…


Unleashing in-toto: The API of DevSecOps

Posted on August 17, 2023 | Aditya Sirish and Cole Kennedy

Guest post by Aditya Sirish, in-toto maintainer and Cole Kennedy, member of the in-toto steering committee The Integration Revolution Being part of the DevOps world, you’re likely no stranger to the DevSecOps buzz — the strategy…


InfoQ: “Software Supply Chain Security Project in-toto Accepted into CNCF Incubator”

Posted on March 19, 2022

The CNCF Technical Oversight Committee (TOC) has accepted the in-toto project as a CNCF incubating project. The in-toto project aims to cryptographically protect the entire software build and delivery process – the “supply chain” – from…


Supply chain security project in-toto moves to the CNCF Incubator

Posted on March 10, 2022

The CNCF Technical Oversight Committee (TOC) has voted to accept in-toto as a CNCF incubating project.  in-toto is a framework that protects the software supply chain by collecting and verifying relevant data. It does so by…


Kubescape becomes a CNCF incubating project

Posted on February 26, 2025

The CNCF Technical Oversight Committee (TOC) has voted to accept Kubescape as a CNCF incubating project.  Kubescape is an open-source Kubernetes security project designed to offer comprehensive security coverage throughout the entire development and deployment lifecycle….


Docsy 2024 review: adoptions and enhancements

Posted on January 7, 2025

By Patrice Chalin (CNCF), for the Docsy Steering Committee As we reflect on 2024, it’s exciting to see steady progress toward the goals outlined in our 2024 priorities. This year, we focused on enhancing stability, improving internationalization, and delivering long-anticipated…


CNCF welcomes wasmCloud to the CNCF Incubator

Posted on November 12, 2024

The CNCF Technical Oversight Committee (TOC) has voted to accept wasmCloud as a CNCF incubating project.  wasmCloud, an open source project from the Cloud Native Computing Foundation (CNCF), enables teams to build and run polyglot applications…


Flatcar brings Container Linux to the CNCF Incubator 

Posted on October 29, 2024

The CNCF Technical Oversight Committee (TOC) has voted to accept Flatcar as a CNCF incubating project.  Flatcar is a zero-touch, minimal operating system (OS) for containerized workloads, addressing the challenges of managing and securing a production…


Software supply chain compliance and security policies with SignServer, EJBCA, and Chainloop

Posted on October 25, 2024

Member post originally published on the EJBCA by Keyfactor and Chainloop blogs by Ben Dewberry, Product Manager, Signing and Key Management, Keyfactor and Miguel Martinez Trivino, Co-founder, Chainloop A software supply chain is the series of steps…