Citi Donates Software Supply Chain Security Kit to OpenSSF
The financial services company's prototype system based on CNCF's software supply chain security guidelines joins OpenSSF's $150 million open source standards campaign.
A series of software supply chain security standards efforts under the Open Source Security Foundation have emerged this month as the open source community races to get ahead of mounting cyberattacks.
The latest is Secure Software Factory, a prototype toolchain created by financial services company Citi. It combines open source projects such as Tekton and Kyverno to follow a set of best practices established by a Cloud Native Computing Foundation (CNCF) whitepaper last year. Citi donated Secure Software Factory this week to the OpenSSF, a Linux Foundation subgroup created to foster open source security projects such as Sigstore and Google's Supply chain Levels for Software Artifacts (SLSA).