Blog

To continue efforts to improve the security of our graduated and incubating projects, we recently worked with Chainguard to assess the software supply chain security practices of two of our graduated projects, Argo and Prometheus. These efforts build...

Today we’re thrilled to announce 155 new Cloud Native Ambassadors for the Spring 2023 term! The new diverse group of Ambassadors represents 124 companies across 37 countries – meet all the new Ambassadors here. The new Cloud Native...

By Chris Aniszczyk (@cra) and Rey Lejano In 2018, the Cloud Native Computing Foundation (CNCF) started performing and open sourcing third-party security audits with the goal of improving the overall security practices of our ecosystem. Since then, Argo,...

Project post originally published on the Buildpack’s blog by Juan Bustamante Our adopters and contributors have grown substantially over the last several years, but until now the Cloud Native Buildpacks project has not had a structure that would...

By Chris Aniszczyk, Adam Korczynski, David Korczynski Introduction In this blog post we will present an overview of the state of fuzzing CNCF projects. We published a blog post on this in June 2022 titled Improving Security by...

By Jonathan Berkhahn, Operator Framework Steering Committee We are pleased to announce Java Operator SDK (JOSDK) is joining Operator Framework as an official subproject. Java Operator SDK JOSDK consists of a high-level framework for implementing operators in Java,...

Project post also on the Nirmata blog by the Kyverno maintainers Kyverno is a policy engine built for Kubernetes that helps secure and automate Kubernetes configurations. In Kubernetes policies are configurations that govern the configuration and runtime behaviors...

Project post originally published on the Istio blog by Bernard Van De Walle, Splunk + Mitch Connors, Aviatrix With dozens of tools for securing your network available, it is easy to find tutorials and demonstrations illustrating how these...

By the Cloud Native Explorers Building on the success of “Bob and Jeefy’s Guide to Detroit”, we are pleased to announce Cloud Native Explorers! Cloud Native Explorers is a new blog series where we bring together community members...

In modern tech stacks, CI/CD enables GitOps. With so many organizations using CD and GitOps practices and technologies to build new features quickly, reliably, and securely, it was a natural evolution for the CNCF and CD Foundation to...