Unleashing in-toto: The API of DevSecOps
Guest post by Aditya Sirish, in-toto maintainer and Cole Kennedy, member of the in-toto steering committee The Integration Revolution Being part of the DevOps world, you’re likely no stranger to the DevSecOps buzz — the strategy of embedding…
InfoQ: “Software Supply Chain Security Project in-toto Accepted into CNCF Incubator”
The CNCF Technical Oversight Committee (TOC) has accepted the in-toto project as a CNCF incubating project. The in-toto project aims to cryptographically protect the entire software build and delivery process – the “supply chain” – from malicious actors.
Supply chain security project in-toto moves to the CNCF Incubator
The CNCF Technical Oversight Committee (TOC) has voted to accept in-toto as a CNCF incubating project. in-toto is a framework that protects the software supply chain by collecting and verifying relevant data. It does so by enabling libraries…
Policy-as-Code in the software supply chain
TAG post by members of TAG security including Marina Moore, Michael Lieberman, John Kjell, James Carnegie, and Luca Bandini Reviewers: Emily Fox, Andrés Vega, Andrew McNamara, Andrew Block, Jon Zeolla, Andrew Martin Introduction Software supply chain policy describes…
OpenFeature becomes a CNCF incubating project
The CNCF Technical Oversight Committee (TOC) has voted to accept OpenFeature as a CNCF incubating project. OpenFeature is an open specification that offers a vendor-agnostic, community-driven API for feature flagging, compatible with various feature flag management tools. Feature…
Cloud native technology continues to make an impact across industries and geographies SAN FRANCISCO, Calif. – October 18, 2023 – The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, announced today that 36…
KubeEdge! CNCF’s First SLSA 3 Project
Community post by KubeEdge SIG-Security (Reprinted from the KubeEdge blog) In July 2022, the KubeEdge community completed a third-party security audit of KubeEdge[2] and released a paper on cloud native edge computing security threat analysis and protection. Based…
Container Security: what it is and how to implement it
Guest post originally published on SparkFabrik’s blog Containerized applications are becoming increasingly more common, and with their deployment comes an increased need to ensure adequate container security and resilience of the software supply chain. In this article, we will…
10 ways to make your software pipeline more observable
Guest post originally published on the Cloudsmith blog by Ciara Carey Ciara lists 10 ways to make your software pipelines more transparent and observable to gain insights, identify unusual behavior and possibly prevent a software supply chain attack….
Kyverno moves to the CNCF Incubator
The CNCF Technical Oversight Committee (TOC) has voted to accept Kyverno as a CNCF incubating project. Kyverno is a policy engine designed for Kubernetes. Policies provide security and automation and simplify managing Kubernetes configurations across developers, operators, and…