Search results for: security audit


Building secure software supply chains in CNCF with SLSA assessments

Posted on April 19, 2023

To continue efforts to improve the security of our graduated and incubating projects, we recently worked with Chainguard to assess the software supply chain security practices of two of our graduated projects, Argo and Prometheus. These…


Flux: March 2023 Update

Posted on April 14, 2023

Project post originally published on the Flux blog by Daniel Holbach As the Flux family of projects and its communities are growing, we strive to inform you each month about what has already landed, new possibilities…


An overview of the CNCF and OSTIF impact report for the second half of 2022 and early 2023

Posted on March 13, 2023 | Chris Aniszczyk + Amir Montazery 

By Chris Aniszczyk and Amir Montazery  CNCF and Open Source Technology Improvement Fund (OSTIF) have been working together for the last several years to conduct security audits for CNCF’s Graduated and Incubating projects. As a result…


KubeEdge! CNCF’s First SLSA 3 Project

Posted on February 27, 2023 | KubeEdge SIG-Security

Community post by KubeEdge SIG-Security (Reprinted from the KubeEdge blog) In July 2022, the KubeEdge community completed a third-party security audit of KubeEdge[2] and released a paper on cloud native edge computing security threat analysis and…


Cloud DevSecOps: what it is, benefits and tools

Posted on February 27, 2023 | SparkFabrik

Guest post originally published on the SparkFabrik blog If you are familiar with the DevOps philosophy, you will certainly have heard of DevSecOps. It is an approach to security that is gaining momentum in line with…


Service mesh 2022 recap: Linkerd adoption doubled, and what we learned about eBPF, the Gateway API, and more

Posted on January 20, 2023 | William Morgan

Guest post originally published on Linkerd’s blog by William Morgan It’s been a good year for Linkerd. Although much of the software industry has struggled through an economic downturn, Linkerd adoption has only been growing. In…


The Cloud Native Computing Foundation Announces Argo has Graduated

Posted on December 6, 2022

One of the most active CNCF projects, Argo, is trusted by industry leaders such as Adobe, BlackRock, Capital One, Google, Intuit, Peloton, Tesla, and Ticketmaster  San Francisco, CA – December 6, 2022 – The Cloud Native…


SPIFFE and SPIRE Projects Graduate from Cloud Native Computing Foundation Incubator

Posted on September 20, 2022

Projects are used by leading cloud native companies including Bloomberg, ByteDance, Pinterest, and Twilio, among others San Francisco, CA – September 20, 2022 – The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud…


etcd integrates continuous fuzzing

Posted on April 13, 2022 | Adam Korczynski, David Korczynski, Sahdev Zala

Guest post originally published on the etcd blog by Adam Korczynski, David Korczynski, Sahdev Zala In the last few months, the team at Ada Logics has worked on integrating continuous fuzzing into the etcd project. This was an…


Flux January 2022 update

Posted on February 11, 2022 | Daniel Holback

code example