Inspektor Gadget: Results from the first security audit
Inspektor Gadget, the open source eBPF-based toolkit for Kubernetes observability and Linux host inspection, has completed its first independent security audit. The audit was coordinated by the Open Source Technology Improvement Fund (OSTIF), funded by the…
Introducing Prempti: Policy and visibility for AI coding agents
AI coding agents have become a real part of the developer workflow. Tools like Claude Code sit in your terminal, read your files, run shell commands, make network requests, and write code, all on your behalf….
Announcing Kyverno release 1.18!
We’re excited to announce the release of Kyverno 1.18, our first release since graduating within the Cloud Native Computing Foundation. This release builds on Kyverno’s growing role as a Kubernetes-native policy engine, with major investments in…
Securing GitHub Actions CI dependencies: Recipe card
Recipe GitHub Actions CI dependencies Target audience (the chef) Project maintainers and developers who need practical, concrete steps to efficiently secure CI dependencies within their GitHub Actions workflows Scope (ingredients) Dependencies within the GitHub Actions, Github…
New global members join CNCF reflecting the rise of enterprise demand for scalable, cost-efficient cloud native technologies KUBECON + CLOUDNATIVECON EUROPE, AMSTERDAM—25 MARCH, 2026—The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native…
Cloud Native Computing Foundation Announces Kyverno’s Graduation
Kyverno reaches graduation after demonstrating broad enterprise adoption as platform teams adopt declarative governance Key Highlights: KUBECON + CLOUDNATIVECON NORTH EUROPE, AMSTERDAM, The Netherlands – March 24, 2026 – The Cloud Native Computing Foundation® (CNCF®), which…
Cloud native agentic standards
An application, composed of one or more containers as dictated by system architecture, that operates either independently or as part of a distributed collaboration—interacting with at least one other entity (container) or achieving quorum-based consensus. It…
Policy-as-Code: Flexible Kubernetes governance with Kyverno
Overview Kubernetes has fundamentally transformed how enterprises deploy and manage business workloads. As organizations build production applications at scale on Kubernetes, cluster size and complexity continue to grow—creating unprecedented challenges in ensuring cluster security, compliance, and…
Registry mirror authentication with Kubernetes secrets
Part I: Architecture and Implementation In production Kubernetes clusters, pulling container images from private registries happens thousands of times per day. Kubernetes distributions from major cloud vendors provide credential providers for their respective registries like AWS…
CRI-O completes second OSTIF audit
The Open Source Technology Improvement Fund is proud to share the results of our security audit of CRI-O. CRI-O is an implementation of the Kubernetes Container Runtime Interface (CRI) that is OCI-compliant (-O) that provides the…