Cloud Native ComputingDevelopersDevOpsNewsOpen SourceSecurity

CD Foundation Announces CDEvents Adoption, New Tekton Supply Chain Security Features


The Continuous Delivery Foundation (CDF), the open source software foundation that seeks to improve the world’s capacity to deliver software with security and speed, today announced several updates underlying the open source foundation’s momentum. The announcements come at the start of cdCon + GitOpsCon (May 8 – 9, 2023), an in-person event in Vancouver, Canada, co-organized with The Cloud Native Computing Foundation (CNCF).

CDEvents—a vendor-neutral specification for defining the format of event data to provide interoperability across services, platforms, and systems—has garnered a lot of attention since its creation last year and adoption is gaining speed. Jenkins, Spinnaker, Tekton, and Testkube projects are adopting CDEvents for their users to achieve interoperability, and enable scalability and observability of their CI/CD pipelines.

Tekton—a powerful and flexible open source framework for creating CI/CD systems, allowing developers to build, test, and deploy across cloud providers and on-premise systems—announced its new supply chain security features:

  • SLSA Level 2 Support with Tekton Chains
  • Sigstore support leaves experimental
  • Trusted Resources
  • Tekton Catalog of reusable tasks are now available on Artifact Hub

Ortelius, a unified catalog of supply chain evidence providing an end-to-end view of an organization’s security profile, announced the creation of the Emporous sub-project, an open source toolkit to manage different types of content in a single, unified system. Emporous, initially created by the open source contributors at Red Hat, helps organizations effortlessly store, organize, and search metadata related to software artifacts along with the artifacts themselves.