Zebeth Media Solutions

kubecon detroit 2022

Sigstore launches free software signing and verification service for open source projects

Software supply chain security quickly became a hot topic in the last few years, especially as the number of high-profile attacks increased and the White House got involved. Sigstore, an open source project supported by the likes of Google, GitHub, Chainguard and Red Hat, has become something of a standard for signing, verifying and protecting software projects — and the dependencies they use — to make sure that the software you install and run on your machines hasn’t been manipulated.

These days, after all, there aren’t many software projects that don’t rely on at least one — and usually multiple — open-source libraries, which themselves probably rely on other libraries, too. And with many of these projects maintained by volunteers, they make for an easy target for hackers.

Today, at SigstoreCon, a co-located event at the CNCF’s KubeCon/CloudNativeCon conference in Detroit, the Sigstore community announced the general availability of its free software signing service for open source projects.

Sigstore is already one of the fastest-adopted open source projects ever, with more than 4 million signatures logged so far. Both the Kubernetes and Python communities use it to sign their releases. And npm, the popular JavaScript package manager, is currently in the process of integrating Sigstore to ensure the provenance of its packages.

“Sigstore has rapidly become the standard for signing, verifying, and protecting software, so it’s great to announce the general availability to remove one last barrier for more widespread adoption during a time when software supply chain security is more important than ever,” said Priya Wadhwa, a member of the Sigstore Technical Steering Committee and software engineer at Chainguard. “It is our hope that this next phase of Sigstore will empower the rest of the open source software ecosystem to gain increased confidence in adopting this technology and benefit from its reliable and stable experience.”

The Sigstore community promises 99.5% uptime and pager support — more than most free projects can offer. Sigstore, it’s worth noting, is a nonprofit project that is funded under the Open Source Security Foundation.

Sigstore itself consists of a number of projects for signing containers, saving that information in an immutable ledger and, of course, creating those certificates in the first place.

Docker launches a first preview of its WebAssembly tooling

Docker is still around and likely doing better — at least in financial terms — than during its early hype cycle that kicked off the container revolution (only to then be eclipsed by Kubernetes and its ecosystem). Today, the company announced the first technical preview of its WebAssembly (Wasm) support.

Browser vendors pioneered Wasm to run web apps at native speeds, with code compiled from C, C++, Rust and other languages and run in a secure sandbox. Currently, you can compile about 40 languages to Wasm. But similar to how Node.js brought JavaScript to the server, Wasm is now also migrating to the backend. Cloudflare supports it in its edge computing service, for example.

We’re also starting to see some funding rounds in this space as VCs start waking up to the potential, with Cosmonic today announcing a $9 million funding round for its Wasm PaaS, for example. Fermyon announced a $20 million Series A round earlier this month.

Docker clearly wants to be an early player in this space, too. The company notes that this is still very much a technical preview and that things will likely break. In this case, the Docker Engine uses the same containerd container runtime as the rest of the Docker ecosystem, but instead of using runc to run the container processes, it uses the WasmEdge runtime. While Docker doesn’t go into details here, the promise of WasmEdge is that it offers significantly faster startup times compared to Linux containers and that WasmEdge apps are significantly smaller (and run faster).

“We see Wasm as a complementary technology to Linux containers where developers can choose which technology they use (or both!) depending on the use case,” Docker’s Michael Irwin writes in today’s announcement. “And as the community explores what’s possible with Wasm, we want to help make Wasm applications easier to develop, build, and run using the experience and tools you know and love.”

In addition to the product news, Docker also today announced that it will be joining the Bytecode Alliance, the non-profit behind WebAssembly and the WebAssembly System Interface that makes these new projects possible, as a voting member.
