Project post originally published on the Argo blog by Zach Aller Welcome Argo Rollouts 1.6! This release had 33 contributors, of which 22 were first-timers, and includes 134 commits. Thank you all for your contributions! This release…
Introducing the Wasm landscape (in English and Chinese)
By Chris Aniszczyk, Vivian Hu and Michael Yuan “Containers are the new normal, and WebAssembly is the future.” — CNCF Annual Survey 2022 key findings. Originally created as a secure sandbox to run compiled C/C++…
Dapr completes 2023 security audit – increasing enterprise confidence
Project post originally published on the Dapr Blog by Yaron Schneider Dapr is trusted by thousands of developers from companies of all sizes to handle their mission critical workloads. These range from manufacturing to automotive to…
Verifying images in a private Amazon ECR with Kyverno and IAM Roles for Service Accounts (IRSA)
Community post originally published on GitHub by Shuting Zhao, a maintainer of Kyverno When running workloads in Amazon Elastic Kubernetes Service (EKS), it is essential to ensure supply chain security by verifying container image signatures and…
Notary Project announces a major release!
Project post originally published on the Notary Project blog by the Notary Project Release Team The Notary Project maintainers are proud to announce a major release, including Notary Project specifications v1.0.0, notation v1.0.0, notation-go v1.0.0, and notation-core-go v1.0.0 which are ready…
Unleashing in-toto: The API of DevSecOps
Guest post by Aditya Sirish, in-toto maintainer and Cole Kennedy, member of the in-toto steering committee The Integration Revolution Being part of the DevOps world, you’re likely no stranger to the DevSecOps buzz — the strategy…
Have we reached a point of no return on managing software dependencies?
Guest post originally published on Paolo Mainardi’s blog by Paolo Mainardi, Founder and CTO of Sparkfabrik Software Supply Chain security issues are hitting hard the whole OSS ecosystem; not a day goes by without a security incident going into…
Supply chain security framework: S2C2F
Guest post originally published on the SIGHUP blog by Simone Ragonesi In this article, we will introduce you to S2C2F. The Secure Supply Chain Consumption Framework is a combination of requirements and tools for any organization…
The Flux project is thrilled to announce the general availability (GA) release of Flux v2. Flux’s move to general availability represents a significant milestone in the CNCF ecosystem. This progression not only exemplifies the CNCF’s commitment…
Linkerd edge roundup: 21 June 2023
Project post originally published on the Linkerd blog by Matei David Linkerd’s edge releases are a big part of our development process that we’re going to start talking more about – and so far in June,…