Unleashing in-toto: The API of DevSecOps
Guest post by Aditya Sirish, in-toto maintainer and Cole Kennedy, member of the in-toto steering committee The Integration Revolution Being part of the DevOps world, you’re likely no stranger to the DevSecOps buzz — the strategy of embedding…
InfoQ: “Software Supply Chain Security Project in-toto Accepted into CNCF Incubator”
The CNCF Technical Oversight Committee (TOC) has accepted the in-toto project as a CNCF incubating project. The in-toto project aims to cryptographically protect the entire software build and delivery process – the “supply chain” – from malicious actors.
Supply chain security project in-toto moves to the CNCF Incubator
The CNCF Technical Oversight Committee (TOC) has voted to accept in-toto as a CNCF incubating project. in-toto is a framework that protects the software supply chain by collecting and verifying relevant data. It does so by enabling libraries…
Congratulations to 45 CNCF Term 1 2024 LFX Program mentees!
Mentorship blog by Nate Waddington, Head of Mentorship & Documentation at CNCF We are thrilled to share that 45 CNCF mentees with the LFX Program have successfully completed their mentorship. Numerous CNCF projects across Graduated, Incubating, Sandbox projects,…
Artifact Hub becomes a CNCF incubating project
The CNCF Technical Oversight Committee (TOC) has voted to accept Artifact Hub as a CNCF incubating project. Artifact Hub is a web-based application that enables finding, installing, and publishing cloud native packages and configurations. Discovering useful cloud native…
Lessons from CrowdStrike’s buggy update: the critical importance of robust release processes
Community post by Andrés Vega, M42 and Technical Leader, CNCF TAG Security Recent events involving CrowdStrike’s Falcon security software have underscored a critical lesson across the industry: the importance of having a robust, secure release process. Such incidents…
Mastering DevSecOps with Devtron: a strategic approach
Member post originally published on the Devtron blog by Nishant As the adoption of Kubernetes continues to grow, organizations encounter numerous challenges in securing their software development and deployment processes. Integrating security practices into DevOps, known as DevSecOps,…
Policy-as-Code in the software supply chain
TAG post by members of TAG security including Marina Moore, Michael Lieberman, John Kjell, James Carnegie, and Luca Bandini Reviewers: Emily Fox, Andrés Vega, Andrew McNamara, Andrew Block, Jon Zeolla, Andrew Martin Introduction Software supply chain policy describes…
OpenFeature becomes a CNCF incubating project
The CNCF Technical Oversight Committee (TOC) has voted to accept OpenFeature as a CNCF incubating project. OpenFeature is an open specification that offers a vendor-agnostic, community-driven API for feature flagging, compatible with various feature flag management tools. Feature…
Cloud native technology continues to make an impact across industries and geographies SAN FRANCISCO, Calif. – October 18, 2023 – The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, announced today that 36…