Building secure software supply chains in CNCF with SLSA assessments
To continue efforts to improve the security of our graduated and incubating projects, we recently worked with Chainguard to assess the software supply chain security practices of two of our graduated projects, Argo and Prometheus. These…
Project post originally published on the Flux blog by Daniel Holbach. As the Flux family of projects and its communities are growing, we strive to inform you each month about what has already landed, new possibilities…
An overview of the CNCF and OSTIF impact report for the second half of 2022 and early 2023
By Chris Aniszczyk and Amir Montazery. CNCF and Open Source Technology Improvement Fund (OSTIF) have been working together for the last several years to conduct security audits for CNCF’s Graduated and Incubating projects. As a result…
KubeEdge! CNCF’s First SLSA 3 Project
Community post by KubeEdge SIG-Security (reprinted from the KubeEdge blog). In July 2022, the KubeEdge community completed a third-party security audit of KubeEdge[2] and released a paper on cloud native edge computing security threat analysis and…
Cloud DevSecOps: what it is, benefits and tools
Guest post originally published on the SparkFabrik blog. If you are familiar with the DevOps philosophy, you will certainly have heard of DevSecOps. It is an approach to security that is gaining momentum in line with…
Guest post originally published on Linkerd’s blog by William Morgan. It’s been a good year for Linkerd. Although much of the software industry has struggled through an economic downturn, Linkerd adoption has only been growing. In…
The Cloud Native Computing Foundation Announces Argo has Graduated
One of the most active CNCF projects, Argo, is trusted by industry leaders such as Adobe, BlackRock, Capital One, Google, Intuit, Peloton, Tesla, and Ticketmaster. San Francisco, CA – December 6, 2022 – The Cloud Native…
SPIFFE and SPIRE Projects Graduate from Cloud Native Computing Foundation Incubator
Projects are used by leading cloud native companies including Bloomberg, ByteDance, Pinterest, and Twilio, among others. San Francisco, CA – September 20, 2022 – The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud…
etcd integrates continuous fuzzing
Guest post originally published on the etcd blog by Adam Korczynski, David Korczynski, and Sahdev Zala. In the last few months, the team at Ada Logics has worked on integrating continuous fuzzing into the etcd project. This was an…