
Kubernetes taps Sigstore to thwart open-source software supply chain attacks


Container orchestrator Kubernetes will now include cryptographically signed certificates, using the Sigstore project created last year by the Linux Foundation, Google, Red Hat and Purdue University in a bid to protect against supply chain attacks.

The Sigstore certificates are being used in the just-released Kubernetes version 1.24 and all future releases.

According to founding Sigstore developer Dan Lorenc, a former member of Google’s open source security team, the use of Sigstore certificates allows Kubernetes users to verify the authenticity and integrity of the distribution they’re using by “giving users the ability to verify signatures and have greater confidence in the origin of each and every deployed Kubernetes binary, source code bundle and container image.”

It’s one step forward for open source software development in the battle against software supply chain attacks.

The Linux Foundation announced the Sigstore project in March 2021. The new Alpha-Omega open-source supply chain security project, which is backed by Google and Microsoft, also uses Sigstore certificates. Google’s open source security team announced the Sigstore-related project Cosign in May 2021 to simplify signing and verifying container images, as well as the Rekor ‘tamper resistant’ ledger, which lets software maintainers and build systems record signed metadata to an “immutable record”.

According to Lorenc, the Kubernetes release team’s adoption of Sigstore is part of its work on Supply chain Levels for Software Artifacts, or SLSA, a framework developed by Google for internally protecting its software supply chain that’s now a 3-level specification being shaped by Google, Intel, the Linux Foundation and others. Kubernetes achieved SLSA Level 1 compliance in version 1.23.

“Sigstore was a key project in achieving SLSA level 2 status and getting a headstart towards achieving SLSA level 3 compliance, which the Kubernetes community expects to reach this August,” says Lorenc. 

Lorenc tells ZDNet that Kubernetes’ adoption of Sigstore is a major step forward for the project because it has about 5.6 million users. The Sigstore project is also approaching Python developers with a new tool for signing Python packages, as well as major package repositories such as Maven Central and RubyGems. 

Kubernetes serves as a critical focal point that helps draw attention, takes a large amount of work, and has an outsized impact on the entire supply chain, he says.

These efforts coincide with new projects like the Package Analysis Project, an initiative by Google and the Linux Foundation’s Open Source Security Foundation (OpenSSF) to identify malicious packages for popular languages like Python and JavaScript.

Malicious packages are regularly uploaded to popular repositories despite their best efforts, with sometimes devastating consequences for users, according to Google.
