Skip to main content

CD Foundation Announces Significant Project Momentum at cdCon + GitOpsCon

CD Foundation announces CDEvents adoption, new Tekton supply chain security features, and a new Ortelius sub-project called Emporous

VANCOUVER, May 8, 2023 /PRNewswire/ — The Continuous Delivery Foundation (CDF), the open source software foundation that seeks to improve the world’s capacity to deliver software with security and speed, today announced several updates underlying the open source foundation’s momentum. The announcements come at the start of cdCon + GitOpsCon (May 8 – 9, 2023), an in-person event in Vancouver, Canada, co-organized with The Cloud Native Computing Foundation (CNCF).

CDEvents Adoption

CDEvents—a vendor-neutral specification for defining the format of event data to provide interoperability across services, platforms, and systems—has garnered a lot of attention since its creation last year and adoption is gaining speed. Jenkins, Spinnaker, Tekton, and Testkube projects are adopting CDEvents for their users to achieve interoperability, and enable scalability and observability of their CI/CD pipelines. 

“Continuous, fast, and secure delivery of software is powered by the fantastic and varied ecosystem of tools in the CDF and CNCF landscapes and beyond. The abundance of options can be a challenge to users though, which is why the CDF TOC promotes collaboration between the various open source projects and fosters interoperability between them,” said Andrea Frittoli, Open Source Developer Advocate at IBM and the chair of the CDF Technical Oversight Committee. “I’m really thrilled about the progress made by the CDEvents community, as the specification is adopted by more and more tools and its development continues empowered by the collaboration and feedback of end users.”

“There is an increasing level of complexity and responsibility placed on developers and enterprises to create and manage the Software Delivery Lifecycle (SDL) processes and ecosystem,” said Ger McMahon, Product Area Leader for ALM Tools and Platforms at Fidelity Investments. “From the code created on keyboards to the code running in production, a wealth of digital events and data are being generated. The CDEvents project is key to enabling interoperability which, in turn, simplifies the process of safely and securely delivering value to customers. The results for the enterprise are an improved developer experience, a reduced risk to the firm, and an increased feature velocity which drives greater end-to-end quality and efficiency through the events, data and DevOps Intelligence.”

“At Ericsson we believe that innovation and simplification are key to unlocking the full potential of telecommunication networks. With the continuous introduction of new technologies and methodologies the telecommunications industry is undergoing significant transformation. The need for innovative and simplified software and service deployment which is underpinned by the principle of interoperability has never been more critical. To that end, Ericsson co-founded CDEvents,” said Frank Kelly, Head of Network Automation, Ericsson Software Technology. “We are excited to further collaborate with the community and shape our industry in a positive way.” 

“Testing is key to delivering high-quality solutions with any CD pipeline, and the new CDEvents for testing-related activities allow for much-improved feedback loops and quality gated workflows in complex build environments,” said Bruno Lopes, Product Manager at Testkube. “The Testkube team is proud to be part of this effort together with the CDF, both in crafting the specification and providing an initial implementation.”

Read the full details and quotes here.

New Supply Chain Security Features in Tekton

Tekton—a powerful and flexible open source framework for creating CI/CD systems, allowing developers to build, test, and deploy across cloud providers and on-premise systems—announced its new supply chain security features: 

“It’s very difficult to dabble and patch your way to a protected and resilient software supply chain,” said Al Huizenga, the Tekton product manager at Google Cloud. “Developers need to have the right foundational patterns in place to create a secure software supply chain. So as an emerging industry standard framework for continuous delivery, it’s really important that Tekton continues to bake in SLSA standards and controls by default.”

“Sigstore has been gaining adoption in many developer communities and Tekton Chains is thrilled to be a part of it,” said Billy Lynch, Software Engineer at Chainguard and maintainer of projects for both Tekton and Sigstore. “Being able to sign artifacts without needing to worry about keys goes a long way to help developers secure their supply chains without needing to worry about the complexities of key management.”

Read the full details and quotes here.

New Ortelius Sub-project: Emporous

Ortelius, a unified catalog of supply chain evidence providing an end-to-end view of an organization’s security profile, announced the creation of the Emporous sub-project, an open source toolkit to manage different types of content in a single, unified system. Emporous,  initially created by the open source contributors at Red Hat, helps organizations effortlessly store, organize, and search metadata related to software artifacts along with the artifacts themselves.

“Emporous will be incorporated to enhance metadata search capabilities and provide a single repository to store any type of artifact from containers to jar files,” according to Steve Taylor, Sr. Ortelius Contributor. 

Read the full details and quotes here.

Additional Resources

About the CD Foundation

The Continuous Delivery Foundation (CDF) seeks to improve the world’s capacity to deliver software with security and speed. The CDF is a vendor-neutral organization that is establishing best practices of software delivery automation, propelling education and adoption of CD tools, and facilitating cross-pollination across emerging technologies. The CDF is home to many of the fastest-growing projects for CD, including Jenkins, Jenkins X, Tekton, and Spinnaker. The CDF is part of the Linux Foundation, a non-profit organization. For more information about the CDF, please visit https://cd.foundation.

Media Contact

Michelle Martineau
The Linux Foundation
pr@cd.foundation