Protect the pipe! Secure CI/CD pipelines with a policy-based approach using Tekton and Kyverno
Guest post originally published on the Nirmata blog by Jim Bugwadia of Nirmata and Shripad Nadgowda a Cloud Architect at Intel Rise of software supply chain attacks In the last few years there has been a…
Flux August 2022 project update
Project post originally published on the Flux blog by Daniel Holbach As the Flux family of projects and its communities are growing, we strive to inform you each month about what has already landed, new possibilities…
Securing Kubernetes cluster using Kubescape and kube-bench
Guest post originally published on InfraCloud’s blog by Amar Chand With businesses adopting cloud native technology, Kubernetes has emerged as a primary tool of choice for container orchestration. Deploying and managing applications has never been easier….
What can Confidential Computing do for the Kubernetes community?
Guest post originally published on the Edgeless Systems blog by Fabian Kammel, Senior Security Engineer This is a summary of the talk I gave at the Kubernetes Community Days (KCD) Berlin 2022. Both, the slides and a recording…
Project post by KubeEdge maintainers The security of cloud native edge computing has been of concern to many users. It was difficult for users to perform effective security hardening on their edge systems due to no…
2022 Argo external security audit: Lessons learned
Project post cross-posted from the Argo Blog by Michael Crenshaw In early 2022, the Argo team and CNCF began work with Ada Logics to perform a security audit on the four Argo projects. Ada Logics discovered…
TOC votes to advance Keptn to the CNCF Incubator
The CNCF Technical Oversight Committee (TOC) has voted to accept Keptn as a CNCF incubating project. Keptn is an event-driven orchestration engine that connects observability with operations in cloud native applications. The project uses a declarative…
Local Env as Code: Is it possible yet
Guest post by Jan Van Bruggen, Developer Relations Lead at itopia In the past decade, we’ve seen the rise, standardization and meme-ification of “as code”: Infrastructure as Code, Monitoring as Code, Policy as Code and soon…
Project post originally published on the Flux blog by Daniel Holbach As the Flux family of projects and its communities are growing, we strive to inform you each month about what has already landed, new possibilities…
Announcing the Secure Software Factory Reference Architecture Paper
Community post by Alexander Floyd Marshall from TAG Security Almost a year ago the CNCF published its “Software Supply Chain Best Practices” guide, detailing over 50 ways to improve cloud-native software supply chains. That guide referenced…