Announcing the Secure Software Factory Reference Architecture Paper
Community post by Alexander Floyd Marshall from TAG Security Almost a year ago the CNCF published its “Software Supply Chain Best Practices” guide, detailing over 50 ways to improve cloud-native software supply chains. That guide referenced…
Cloud Native Maturity Model 2.0
Community post by Danielle Cook, Simon Forster for the Cartographos Working Group KubeCon 2021 in North America saw the launch of the Cloud Native Maturity Model, a model launched by the Cartografos Working Group to help…
5 tips for implementing an Internal Developer Portal in your company
Guest post originally published on Mia-Platform’s blog by Mia-Platform Team More and more companies are adopting the Agile approach and DevOps paradigm to accelerate and improve their software development. Even though some software lifecycle processes have been simplified and speeded…
Project post originally published on the Flux blog by Daniel Holbach As the Flux family of projects and its communities are growing, we strive to inform you each month about what has already landed, new possibilities…
Guest post originally published on Xenit’s blog by Anders Qvist The Twelve-factor app is a methodology for building software-as-a-service apps that was first formulated by developers associated with Heroku. It’s been ten years since the first presentation…
Docs as Code: how does it improve developer experience?
Guest post originally published on Mia-Platform’s blog Introduction In the lifecycle of a software product, documentation plays a very significant role: without it, users struggle to use the software, or, in the best scenario, they do…
A MAP for Kubernetes supply chain security
Guest post originally published on the Nirmata blog by Jim Bugwadia The sharp increase in software supply chain attacks has made securing the build and delivery of software a critical topic. But what does this mean…
Trusting SBOMs in the software supply chain: Syft now creates attestations using Sigstore
Guest post originally published on the Anchore blog by Dan Luhring With the recent release of Syft v0.40.0, you can now create signed SBOM attestations directly in Syft. This is made possible by Project Sigstore, which makes signing…
The future of Kubernetes – and why developers should look beyond Kubernetes in 2022
Guest post originally published on Eficode’s blog by Michael Vittrup Larsen Kubernetes is ubiquitous in container orchestration, and its popularity has yet to weaken. This does, however, not mean that evolution in the container orchestration space…
Flux Security: Image Provenance
Guest post originally published on Flux’s blog by Daniel Holbach Next up in our blog series about Flux Security is how and why we use signatures for the Flux CLI and all its controller images and…