The Cloud Native Computing Foundation (CNCF) today announced the graduation of in-toto, a software supply chain security framework developed at the NYU Tandon School of Engineering.
NYU Tandon-developed software security framework achieves highest CNCF maturity level, combating rising software supply chain attacks SAN FRANCISCO, CA, April 23, 2025 – The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native…
Unleashing in-toto: The API of DevSecOps
Guest post by Aditya Sirish, in-toto maintainer and Cole Kennedy, member of the in-toto steering committee The Integration Revolution Being part of the DevOps world, you’re likely no stranger to the DevSecOps buzz — the strategy…
InfoQ: “Software Supply Chain Security Project in-toto Accepted into CNCF Incubator”
The CNCF Technical Oversight Committee (TOC) has accepted the in-toto project as a CNCF incubating project. The in-toto project aims to cryptographically protect the entire software build and delivery process – the “supply chain” – from…
Supply chain security project in-toto moves to the CNCF Incubator
The CNCF Technical Oversight Committee (TOC) has voted to accept in-toto as a CNCF incubating project. in-toto is a framework that protects the software supply chain by collecting and verifying relevant data. It does so by…
Kubescape becomes a CNCF incubating project
The CNCF Technical Oversight Committee (TOC) has voted to accept Kubescape as a CNCF incubating project. Kubescape is an open-source Kubernetes security project designed to offer comprehensive security coverage throughout the entire development and deployment lifecycle….
Docsy 2024 review: adoptions and enhancements
By Patrice Chalin (CNCF), for the Docsy Steering Committee As we reflect on 2024, it’s exciting to see steady progress toward the goals outlined in our 2024 priorities. This year, we focused on enhancing stability, improving internationalization, and delivering long-anticipated…
CNCF welcomes wasmCloud to the CNCF Incubator
The CNCF Technical Oversight Committee (TOC) has voted to accept wasmCloud as a CNCF incubating project. wasmCloud, an open source project from the Cloud Native Computing Foundation (CNCF), enables teams to build and run polyglot applications…
Flatcar brings Container Linux to the CNCF Incubator
The CNCF Technical Oversight Committee (TOC) has voted to accept Flatcar as a CNCF incubating project. Flatcar is a zero-touch, minimal operating system (OS) for containerized workloads, addressing the challenges of managing and securing a production…
Software supply chain compliance and security policies with SignServer, EJBCA, and Chainloop
Member post originally published on the EJBCA by Keyfactor and Chainloop blogs by Ben Dewberry, Product Manager, Signing and Key Management, Keyfactor and Miguel Martinez Trivino, Co-founder, Chainloop A software supply chain is the series of steps…