Blog

Mentorship blog by Nate Waddington, Head of Mentorship & Documentation at CNCF We are thrilled to share that 45 CNCF mentees with the LFX Program have successfully completed their mentorship.     Numerous CNCF projects across Graduated, Incubating,...

Community post by Andrés Vega, M42 and Technical Leader, CNCF TAG Security Recent events involving CrowdStrike’s Falcon security software have underscored a critical lesson across the industry: the importance of having a robust, secure release process....

Member post originally published on the Devtron blog by Nishant As the adoption of Kubernetes continues to grow, organizations encounter numerous challenges in securing their software development and deployment processes. Integrating security practices into DevOps, known...

Guest post by Aditya Sirish, in-toto maintainer and Cole Kennedy, member of the in-toto steering committee The Integration Revolution Being part of the DevOps world, you’re likely no stranger to the DevSecOps buzz — the strategy...

Guest post originally published on SparkFabrik’s blog Containerized applications are becoming increasingly more common, and with their deployment comes an increased need to ensure adequate container security and resilience of the software supply chain. In this article,...

Guest post originally published on the Nirmata blog by Jim Bugwadia The sharp increase in software supply chain attacks has made securing the build and delivery of software a critical topic. But what does this mean...

Guest post originally published on the Anchore blog by Dan Luhring With the recent release of Syft v0.40.0, you can now create signed SBOM attestations directly in Syft. This is made possible by Project Sigstore, which makes signing...

The CNCF Technical Oversight Committee (TOC) has voted to accept in-toto as a CNCF incubating project.  in-toto is a framework that protects the software supply chain by collecting and verifying relevant data. It does so by...

In its fifth year participating in Google Summer of Code (GSoC), CNCF is excited to announce 16 interns have graduated from the program after working with the Foundation’s projects. Interns this year contributed to Graduated, Incubating...

Guest post originally published on Contino Engineering‘s blog by Dan Chernoff Supply chain attacks rose by 42% in the first quarter of 2021 [1] and are becoming even more prevalent [2]. In response to secure software...

Guest post from Christian Rebischke, Site Reliability Engineer at avency and CNCF GSoC Intern As every year the Cloud Native Computing Foundation (CNCF) has participated in the Google Summer of Code program, where students from all...

Having participated in the Google Summer of Code (GSoC) since 2017, CNCF is thrilled to announce that this year, 16 interns working on the Foundation’s projects have graduated from the program. Interns this year got to...