Open source projects under the vendor-neutral CD Foundation umbrella supporting larger strategic focus on extending continuous delivery security
DETROIT, October 25, 2022 – The Continuous Delivery Foundation (CDF), the open source software foundation that seeks to improve the world’s capacity to deliver software with security and speed, today announced at its CD Summit that Pyrsia became its newest Incubating Project, Tekton completed the graduation process, and CDEvents released v0.1.
“Interoperability and Supply Chain Security are the keys to the growth of the modern Software Delivery ecosystem. The Continuous Delivery Foundation is making great progress this year towards these goals: Project Pyrsia brings package delivery to our ecosystem. Tekton shows great adoption and wide collaboration in the industry, and its graduated status is well deserved,” said Oleg Nenashev, CDF TOC Chair, Sr. Director at the Dynatrace OSPO, Jenkins and Keptn maintainer. “Shortly, the CDEvents standard should boost interoperability between projects, and I’m happy to see so many multi-tool presentations at the CD Summit. Thanks to all member organizations and individual contributors that help us to move forward!”
Pyrsia Joins the CD Foundation
Pyrsia (pronounced “pir-see-ah”) is a decentralized package network to secure the software supply chain of open source dependencies by creating a system that secures open source builds and distribution. This is key to accelerating supply chain security across several different languages. With Pyrsia, developers can gain confidence by having transparency on the source of the package and solutions provided for best practices in all aspects of software delivery.
Pyrsia repo and install instructions here: https://github.com/pyrsia
“We are excited for Pyrsia to be joining the CDF because it assures Pyrsia will continue to grow on a solid foundation utilizing a fair, open, and transparent governance model,” Stephen Chin, VP of Developer Relations at JFrog, and CD Foundation Board Chair. “Pyrsia brings leaders in the software industry with decades of experience developing, deploying, and securing code pipelines. The CDF will work together to set the groundwork for a system that provides unmatched security workflows for open source builds and distribution of packages.”
Pyrsia democratizes the distribution of artifacts; anyone can disturb and distribute open source dependencies/packages without going through a central place. This allows communities and organizations to contribute, instead of relying on a single/ central service.
“Developers are often frustrated with the security gates slowing down the delivery pipeline. Pyrsia is driven by the open source developer community to quickly and easily leverage any package with full transparency,” said Fatih Degirmenci, Executive Director, CD Foundation. “Transparency is critical for the security and advancement of the global development of software. The CD Foundation is excited to work closely with Pyrsia to be key in scaling supply chain security.”
CDF is committed to making sure Pyrsia has a broad representation of different technology companies, cloud providers, and more such as cross-project collaboration with Tekton, CDEvents, as well as collaboration with other groups within the CDF.
Tekton is Graduating
The CD Foundation Technical Oversight Committee (TOC) conducted public voting to decide on the graduation status for Tekton. The Tekton community is very proud of the results of the vote and will continue working to make Tekton better and safer for its users.
The Graduated Stage for projects under the CD Foundation umbrella is when they have reached their growth goals and are now on a sustaining cycle of development, maintenance, and long-term support. Graduated Stage projects are used commonly in enterprise production environments and have large, well-established project communities.
Tekton is a powerful and flexible open source framework for creating CI/CD systems, allowing developers to build, test, and deploy across cloud providers and on-premise systems. Tekton is used today by several end-user companies and as a basis for several cloud offerings. It also provides the base platform for a range of open source projects in the CI/CD space and beyond. Tekton benefits from a large and diverse community, with contributors from many different companies. It is one of the CD Foundation’s founding projects.
The Tekton community features an open governance model, strong design principles and development standards and security practices, like a dedicated vulnerability management team, security scans integrated into CI and an independent security audit which was recently announced.
CDEvents Releases v0.1
CDF recently announced it is hosting the CDEvents project, a vendor-neutral specification for defining the format and information model of event data to enable interoperability across services, platforms and systems used in the software production ecosystem.
The first release version of the CDEvents spec v0.1.0 is being announced. It covers events spanning from configuration management systems, through CI and CD, enough to calculate DevOps metrics like the lead time for changes and deployment frequency.
CDEvents v0.1.0 features versioned schemas for all events and SDKs in Golang and Python to help tools produce and consume CDEvents. A Java SDK is being worked on as well. The first release includes a CloudEvents binding, so it supports out-of-the-box transport over several different messaging systems.
The current release of the CDEvents specification is available here. For more information, the CDEvents project has published their first whitepaper called: CDEvents: The Next Evolution in CI/CD Technologies.
The CD Summit + Spinnaker Summit are being held October 24 – 25 co-located at KubeCon CloudNativeCon North America 2022, at the Detroit Marriott at the Renaissance Center.
The CD Foundation provides a wide range of services to support open source projects, and projects begin the process as an Incubating Project. This is for projects that are interested in reaching broad adoption and have identified a growth plan for doing so. Projects receive mentorship from the CD Foundation Technical Oversight Committee (TOC) and are expected to actively develop their community of contributors, governance, project documentation, and more. Full details on bringing an open source continuous delivery project to the CDF are available here.
Pyrsia is a Decentralized Package Network improving the security of open source software and the supply chain security of these libraries that are critical for software development. Pyrsia aims to secure the software supply chain of open source dependencies by creating a system that secures open source builds and distribution. Visit the Pyrsia website: https://pyrsia.io/
Tekton is a cloud-native solution for building CI/CD systems. It consists of Tekton Pipelines, which provides the building blocks, and of supporting components, such as Tekton CLI and Tekton Catalog, that make Tekton a complete ecosystem. Tekton is part of the CD Foundation, a Linux Foundation project. For more information, see the Overview of Tekton.
CDEvents is a common specification for Continuous Delivery events, enabling interoperability in the complete software production ecosystem. It’s an incubated project at the CD Foundation. To get started, please see the CDEvents Documentation: https://cdevents.dev/
About the Continuous Delivery Foundation
The CD Foundation seeks to improve the world’s capacity to deliver software with security and speed. The CDF is a vendor-neutral organization that is establishing best practices of software delivery automation, propelling education and adoption of CD tools, and facilitating cross-pollination across emerging technologies. The CDF is home to many of the fastest-growing projects for CD, including Jenkins, Jenkins X, Tekton, and Spinnaker. The CDF is part of the Linux Foundation, a nonprofit organization. For more information about the CDF, please visit https://cd.foundation.
Additional CD Foundation Resources
The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page. Linux is a registered trademark of Linus Torvalds.