Dapr completes 2023 security audit – increasing enterprise confidence
Project post originally published on the Dapr Blog by Yaron Schneider Dapr is trusted by thousands of developers from companies of all sizes to handle their mission critical workloads. These range from manufacturing to automotive to financial services…
Verifying images in a private Amazon ECR with Kyverno and IAM Roles for Service Accounts (IRSA)
Community post originally published on GitHub by Shuting Zhao, a maintainer of Kyverno When running workloads in Amazon Elastic Kubernetes Service (EKS), it is essential to ensure supply chain security by verifying container image signatures and other metadata….
Notary Project announces a major release!
Project post originally published on the Notary Project blog by the Notary Project Release Team The Notary Project maintainers are proud to announce a major release, including Notary Project specifications v1.0.0, notation v1.0.0, notation-go v1.0.0, and notation-core-go v1.0.0 which are ready for production…
Unleashing in-toto: The API of DevSecOps
Guest post by Aditya Sirish, in-toto maintainer and Cole Kennedy, member of the in-toto steering committee The Integration Revolution Being part of the DevOps world, you’re likely no stranger to the DevSecOps buzz — the strategy of embedding…
Have we reached a point of no return on managing software dependencies?
Guest post originally published on Paolo Mainardi’s blog by Paolo Mainardi, Founder and CTO of Sparkfabrik Software Supply Chain security issues are hitting hard the whole OSS ecosystem; not a day goes by without a security incident going into the wild,…
Supply chain security framework: S2C2F
Guest post originally published on the SIGHUP blog by Simone Ragonesi In this article, we will introduce you to S2C2F. The Secure Supply Chain Consumption Framework is a combination of requirements and tools for any organization to adopt…
The Flux project is thrilled to announce the general availability (GA) release of Flux v2. Flux’s move to general availability represents a significant milestone in the CNCF ecosystem. This progression not only exemplifies the CNCF’s commitment to the…
Linkerd edge roundup: 21 June 2023
Project post originally published on the Linkerd blog by Matei David Linkerd’s edge releases are a big part of our development process that we’re going to start talking more about – and so far in June, we’ve done…
From mentee to mentor: my journey through LFX mentorship
Mentorship post originally published on Dev.to by Asmit Malakannawar Are you already actively contributing to open source and looking to take your involvement to the next level? You can participate in the LFX Mentorship program. Through the LFX…
Announcing results of Notation security audit 2023
Project post by Notary maintainers In early 2023, Notary Project, under the guidance of Cloud Native Computing Foundation began work with Ada Logics to perform the first security audit of the Notation libraries and CLI. The Notation libraries and CLI are a…