36 CNCF term 2 LFX mentees have successfully completed the program!
Congratulations to the 36 interns who have graduated from the LFX Program after working with CNCF projects over June, July, and August! Mentees had the opportunity to work on many different projects across our Graduated, Incubating,…
Secure software supply chain for OCI Artifacts on Kubernetes
Guest post originally published on SparkFabrik’s blog The concept of the Software Supply Chain is growing in importance since the Cloud Native approach has become increasingly central to modern application development. As in traditional industry, an…
Introducing the Wasm landscape (in English and Chinese)
By Chris Aniszczyk, Vivian Hu and Michael Yuan “Containers are the new normal, and WebAssembly is the future.” — CNCF Annual Survey 2022 key findings. Originally created as a secure sandbox to run compiled C/C++…
Using dragonfly to distribute images and files for multi-cluster kuberenetes
Dragonfly provides efficient, stable, securefile distribution and image acceleration based on p2p technology to be the best practice and standard solution in cloud native architectures. It is hosted by the Cloud Native Computing Foundation(CNCF) as an…
Verifying images in a private Amazon ECR with Kyverno and IAM Roles for Service Accounts (IRSA)
Community post originally published on GitHub by Shuting Zhao, a maintainer of Kyverno When running workloads in Amazon Elastic Kubernetes Service (EKS), it is essential to ensure supply chain security by verifying container image signatures and…
Notary Project announces a major release!
Project post originally published on the Notary Project blog by the Notary Project Release Team The Notary Project maintainers are proud to announce a major release, including Notary Project specifications v1.0.0, notation v1.0.0, notation-go v1.0.0, and notation-core-go v1.0.0 which are ready…
FYI: The dark side of ChatGPT is in your software supply chain
Guest post originally published on the ARMO blog by Ben Hirschberg Let’s face it, the tech world is a whirlwind of constant evolution. AI is no longer just a fancy add-on; it’s shaking things up and…
Unleashing in-toto: The API of DevSecOps
Guest post by Aditya Sirish, in-toto maintainer and Cole Kennedy, member of the in-toto steering committee The Integration Revolution Being part of the DevOps world, you’re likely no stranger to the DevSecOps buzz — the strategy…
The future of API gateways on Kubernetes
Guest post originally published on WS02’s blog by Pubudu Gunatilaka Key Takeaways Introduction The exponential growth of the Internet and cloud computing has given rise to applications that are smaller, more distributed, and designed for highly…
Decoding the difference: artifacts vs packages in software development
Guest post originally published on Cloudsmith’s blog by Andrea Saez “Artifact” and “package” are often used interchangeably, but they have distinct differences. Understand their unique roles, learn through practical examples, and discover why distinguishing between them…