Update CNCF Brings Security to the Cloud Native Stack with Notary, TUF Adoption

Main Contents:

CNCF Brings Security to the Cloud Native Stack with Notary, TUF Adoption is an article under the topic Data Science Many of you are most interested in today !! Today, let’s InApps.net learn CNCF Brings Security to the Cloud Native Stack with Notary, TUF Adoption in today’s post !

Read more about CNCF Brings Security to the Cloud Native Stack with Notary, TUF Adoption at Wikipedia

You can find content about CNCF Brings Security to the Cloud Native Stack with Notary, TUF Adoption from the Wikipedia website

The Cloud Native Computing Foundation continues to vigorously build its portfolio of open source cloud-native technologies. CNCF’s Technical Oversight Committee voted to accept both the Docker-developed Notary trusted content framework and the specification Notary was built on, TUF, as the 13th and 14th hosted projects, respectively.

The organizations announced the new members at the Open Source Summit Europe, being held this week in Prague.

Notary at a Glance

865 GitHub stars
156 forks
45 contributors
8 maintainers
2600+ commits
34 releases

Released by Docker in 2015, Notary manages the metadata needed to ensure the integrity of container image updates, even those on untrusted networks and linked to compromised registries. The software allows developers to sign applications at every step of development, blocking malicious content from being injected into the workflow.

Notary provides both a client and a pair of server applications to host signed metadata and signing duties. It is included in both the Docker Enterprise Edition and Community Edition and is a component of Docker’s Moby Project.

The interactions between the Notary client, server, and signer.

Huawei, Motorola Solutions, VMWare, LinuxKit, Quay, and Kubernetes also use Notary.

TUF at a Glance

517 GitHub stars
74 forks
27+ contributors
2700+ commits

Notary is based on The Update Framework (TUF) specification, a specification originally designed to secure software updates across distributed systems. TUF provides a design to keep resources secure even when cryptographic keys or servers are compromised. TUF predates the current popularity of containers and was originally developed for any form of software distribution.

The Kolide monitoring platform uses a TUF implementation to securely distribute osquery through an auto-updater.

TUF was originally written in 2009 by New York University Professor Justin Cappos and developed further by Cappos’s Secure Systems Lab at NYU’s Tandon School of Engineering.

Open Justin Cappos – TUF (The Update Framework) on Vimeo.

Notary and TUF join the following CNCF projects Kubernetes, Prometheus, OpenTracing, Fluentd, linkerd, gRPC, CoreDNS, containerd, rkt, CNI, Envoy, and Jaeger.

The Cloud Native Computing Foundation is a sponsor of InApps Technology.

Feature image via Pixabay.

InApps Technology is a wholly owned subsidiary of Insight Partners, an investor in the following companies mentioned in this article: Docker.

Source: InApps.net

Rate this post

Phu Nguyen

As a Senior Tech Enthusiast, I bring a decade of experience to the realm of tech writing, blending deep industry knowledge with a passion for storytelling. With expertise in software development to emerging tech trends like AI and IoT—my articles not only inform but also inspire. My journey in tech writing has been marked by a commitment to accuracy, clarity, and engaging storytelling, making me a trusted voice in the tech community.