Search results for: in-toto


Unleashing in-toto: The API of DevSecOps

Posted on August 17, 2023 | By Aditya Sirish and Cole Kennedy

Guest post by Aditya Sirish, in-toto maintainer and Cole Kennedy, member of the in-toto steering committee The Integration Revolution Being part of the DevOps world, you’re likely no stranger to the DevSecOps buzz — the strategy of embedding…


InfoQ: “Software Supply Chain Security Project in-toto Accepted into CNCF Incubator”

Posted on March 19, 2022

The CNCF Technical Oversight Committee (TOC) has accepted the in-toto project as a CNCF incubating project. The in-toto project aims to cryptographically protect the entire software build and delivery process – the “supply chain” – from malicious actors.


Supply chain security project in-toto moves to the CNCF Incubator

Posted on March 10, 2022

The CNCF Technical Oversight Committee (TOC) has voted to accept in-toto as a CNCF incubating project.  in-toto is a framework that protects the software supply chain by collecting and verifying relevant data. It does so by enabling libraries…


Cloud Native Computing Foundation Continues to Drive Global Cloud Native Growth as 36 New Silver Members Join

Posted on October 18, 2023

Cloud native technology continues to make an impact across industries and geographies SAN FRANCISCO, Calif. – October 18, 2023 – The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, announced today that 36…


KubeEdge! CNCF’s First SLSA 3 Project

Posted on February 27, 2023 | By KubeEdge SIG-Security

Community post by KubeEdge SIG-Security (Reprinted from the KubeEdge blog) In July 2022, the KubeEdge community completed a third-party security audit of KubeEdge[2] and released a paper on cloud native edge computing security threat analysis and protection. Based…


Container Security: what it is and how to implement it

Posted on November 14, 2022

Guest post originally published on SparkFabrik’s blog Containerized applications are becoming increasingly more common, and with their deployment comes an increased need to ensure adequate container security and resilience of the software supply chain. In this article, we will…


10 ways to make your software pipeline more observable

Posted on September 21, 2022

Guest post originally published on the Cloudsmith blog by Ciara Carey Ciara lists 10 ways to make your software pipelines more transparent and observable to gain insights, identify unusual behavior and possibly prevent a software supply chain attack….


Kyverno moves to the CNCF Incubator

Posted on July 12, 2022

The CNCF Technical Oversight Committee (TOC) has voted to accept Kyverno as a CNCF incubating project.  Kyverno is a policy engine designed for Kubernetes. Policies provide security and automation and simplify managing Kubernetes configurations across developers, operators, and…


Our trip to KubeCon + CloudNativeCon Valencia 2022, day by day

Posted on June 14, 2022 | By Giulio Roggero

Guest post originally published on the Mia-Platform blog by Giulio Roggero, CTO, Mia-Platform We live in an ever‑changing world where technology plays a key role in evolution. The ultimate expression of this concept is KubeCon Valencia, the flagship event…


KubeVirt becomes a CNCF incubating project

Posted on April 19, 2022

The CNCF Technical Oversight Committee (TOC) has voted to accept KubeVirt as a CNCF incubating project.  KubeVirt enables users to run virtual machine workloads on top of Kubernetes in a Kubernetes-native way. It allows the migration of legacy…