
New Software Supply Chain Security Project Pyrsia Joins The CD Foundation


The Continuous Delivery Foundation (CDF), the open source software foundation that seeks to improve the world’s capacity to deliver software with security and speed, announced at its CD Summit that Pyrsia became its newest Incubating Project, Tekton completed the graduation process, and CDEvents released v0.1.

Pyrsia is a decentralized package network to secure the software supply chain of open source dependencies by creating a system that secures open source builds and distribution. This is key to accelerating supply chain security across several different languages. With Pyrsia, developers can gain confidence through transparency about the source of a package and through solutions for best practices in all aspects of software delivery.

Pyrsia democratizes the distribution of artifacts; anyone can distribute open source dependencies/packages without going through a central place. This allows communities and organizations to contribute, instead of relying on a single, central service.

CDF is committed to making sure Pyrsia has broad representation from different technology companies, cloud providers, and more, along with cross-project collaboration with Tekton and CDEvents and collaboration with other groups within the CDF.

The CD Foundation Technical Oversight Committee (TOC) conducted public voting to decide on the graduation status for Tekton. The Tekton community is very proud of the results of the vote and will continue working to make Tekton better and safer for its users.

The Graduated Stage for projects under the CD Foundation umbrella is when they have reached their growth goals and are now on a sustaining cycle of development, maintenance, and long-term support. Graduated Stage projects are used commonly in enterprise production environments and have large, well-established project communities.

CDF recently announced it is hosting the CDEvents project, a vendor-neutral specification for defining the format and information model of event data to enable interoperability across services, platforms and systems used in the software production ecosystem.

The first release of the CDEvents spec, v0.1.0, is being announced. It covers events spanning from configuration management systems through CI and CD, enough to calculate DevOps metrics such as lead time for changes and deployment frequency.

CDEvents v0.1.0 features versioned schemas for all events and SDKs in Golang and Python to help tools produce and consume CDEvents. A Java SDK is being worked on as well. The first release includes a CloudEvents binding, so it supports out-of-the-box transport over several different messaging systems.

The current release of the CDEvents specification is available here.