More exciting new releases and product updates were revealed today as KubeCon 2022 continues. 

GitLab announces new Security and Governance updates

GitLab today announced new enhancements to its Security and Governance solution, which aims to help organizations integrate security and compliance into every step of the software development lifecycle and secure their software supply chain.

According to the company, these enhancements are intended to provide visibility and management over security findings and compliance requirements, as well as deliver an improved software supply chain security experience.

Among these enhancements are build artifact signing and the ability to ingest software bill of materials (SBOM) reports. Additionally, users will be better equipped to proactively identify vulnerabilities and fulfill compliance and regulatory standards.

Slim.AI launches Container Intelligence

The cloud-native optimization and security company Slim.AI launched Container Intelligence to allow users to gain insights into what’s in the most popular container images that they’re baking into their software every day.

Container Intelligence scans over 160 popular public container images, which make up 30% of total global pull volume, using a combination of open-source and proprietary scanning tools.

With this release, users gain access to publicly available container profile pages on the Slim.AI website; vulnerability counts by severity, container construction details, and package information; fully searchable and categorized containers; and the most updated data. 

Sigstore announces free software signing service

Sigstore today announced the general availability of its free software signing service. This release is intended to offer open source communities access to production-grade stable services for artifact signing and verification.

According to Sigstore, the company’s goal is to provide a set of tools designed to improve supply chain security by simplifying the process of signing, verifying, and checking the software that developers are building and consuming.

Sigstore stated that it will operate the service with a 99.5% uptime SLO and round-the-clock pager support. Project sponsors Google, Red Hat, GitHub, and Chainguard have helped make this possible by providing the resources that are essential to service level objectives. 

JFrog’s Pyrsia initiative incubating under CD Foundation

The liquid software company JFrog has announced that Pyrsia, an open-source software community initiative that utilizes blockchain technology in order to secure software packages, is now an incubating project under the Continuous Delivery Foundation.

“We’re excited to join our long-time partners at the CD Foundation in creating a groundswell around Pyrsia to further its mission to better secure the software supply chain,” said Stephen Chin, VP of developer relations at JFrog and governing board member for the CD Foundation. “With the CD Foundation’s support, and that of our incredible industry partners, developers can leverage Pyrsia to have peace-of-mind in knowing their open source components have not been compromised, and confidently deliver secure software at scale.”

With this incubation, JFrog and the CD Foundation intend to grow Pyrsia’s backing and engagement through a centralized governance model, a defined roadmap, and representation within the wider technology and open-source communities.