Modal Title
Cloud Native Ecosystem Containers Edge Computing Microservices Networking Serverless Storage
A CTO’s Guide to Navigating the Cloud Native Ecosystem
Jun 13th 2023 9:39am, by Jess Lulka
Survey Says: Cloud Maturity Matters
Jun 13th 2023 6:20am, by Fredric Paul
The Rise of the Cloud Native Cloud
Jun 12th 2023 9:38am, by John Dietz
Winglang: Cloud Development Programming for the AI Era
Jun 9th 2023 10:00am, by Shai Ber
Infrastructure as Code: Modernizing for Faster Development
Jun 8th 2023 12:59pm, by Heather Joslyn
A CTO’s Guide to Navigating the Cloud Native Ecosystem
Jun 13th 2023 9:39am, by Jess Lulka
Deploy a Kubernetes Development Environment with Kind
Jun 10th 2023 7:00am, by Jack Wallen
Chainguard Improves Security for Its Container Image Registry
May 31st 2023 6:30am, by Steven J. Vaughan-Nichols
How to Protect Containerized Workloads at Runtime
May 30th 2023 4:00am, by Kevin Casey
How to Containerize a Python Application with Paketo Buildpacks
May 29th 2023 5:00am, by Sylvain Kalache
Creating an IoT Data Pipeline Using InfluxDB and AWS
Jun 5th 2023 10:25am, by Jason Myers
Dell Intros New Edge, Generative AI, Cloud, Zero Trust Prods
May 31st 2023 11:00am, by Chris J. Preimesberger
Gothenburg, Sweden Used Open Source IoT to Drastically Cut Water Waste
May 23rd 2023 6:58am, by Alex Handy
Building a Plant Monitoring Tool with IoT
May 8th 2023 9:27am, by Zoe Steinkamp
How to Choose and Model Time Series Databases
Apr 28th 2023 3:00am, by Robert Kimani
In the Great Microservices Debate, Value Eats Size for Lunch
Jun 13th 2023 6:10am, by Anoop Balakuntalam
Amazon Prime Video’s Microservices Move Doesn’t Lead to a Monolith after All
Jun 13th 2023 6:00am, by Scott M. Fulton III
Case Study: A WebAssembly Failure, and Lessons Learned
May 25th 2023 7:00am, by Susan Hall
RabbitMQ Is Boring, and I Love It
May 15th 2023 6:30am, by Josh Long
How OpenSearch Visualizes Jaeger's Distributed Tracing
May 11th 2023 10:00am, by Derek Ho and Jonah Kowall
WithSecure Pours Energy into Making Software More Efficient
Jun 1st 2023 7:14am, by Joe Fay
Don't Force Containers and Disrupt Workflows
May 25th 2023 3:10pm, by Alex Williams
How to Decide Between a Layer 2 or Layer 3 Network
Apr 25th 2023 10:00am, by Gino Dion
Linkerd Service Mesh Update Addresses More Demanding User Base
Apr 11th 2023 6:17am, by Joab Jackson
Wireshark Celebrates 25th Anniversary with a New Foundation
Mar 28th 2023 5:00am, by Joab Jackson
Microsoft Fabric Defragments Analytics, Enters Public Preview
May 23rd 2023 8:00am, by Andrew Brust
Forrester on WebAssembly for Developers: Frontend to Backend
May 17th 2023 6:00am, by Loraine Lawson
Return of the Monolith: Amazon Dumps Microservices for Video Monitoring
May 4th 2023 7:23am, by Joab Jackson
IBM's Quiet Approach to AI, Wasm and Serverless
May 4th 2023 6:00am, by Loraine Lawson
Cloud Control Planes for All: Implement Internal Platforms with Crossplane
Apr 13th 2023 10:00am, by Bassam Tabbara
The Architect’s Guide to Storage for AI
Jun 1st 2023 7:44am, by Keith Pijanowski
8 Real-Time Data Best Practices
Jun 1st 2023 5:00am, by Jennifer Riggins
Raft Native: The Foundation for Streaming Data’s Best Future
May 30th 2023 9:44am, by Doug Flora
Why the Document Model Is More Cost-Efficient Than RDBMS
May 25th 2023 9:24am, by Rick Houlihan
Amazon Aurora vs. Redshift: What You Need to Know
May 25th 2023 6:27am, by Casey Samulski
Frontend Development Software Development Typescript WebAssembly Cloud Services Data Machine Learning Security
Dev News: Apollo Drama, Monster API and Mobile App Discontent
Jun 10th 2023 6:00am, by
Vision Pro for Devs: Easy to Start, but UI Not Revolutionary
Jun 9th 2023 9:09am, by
Dev News: A New Rust Release and Chrome 114 Updates
Jun 3rd 2023 9:00am, by
Dealing with Death: Social Networks and Modes of Access
Jun 3rd 2023 6:00am, by
LangChain: The Trendiest Web Framework of 2023, Thanks to AI
Jun 1st 2023 10:57am, by
The First Kubernetes Bill of Materials Standard Arrives
Jun 13th 2023 10:48am, by
A CTO’s Guide to Navigating the Cloud Native Ecosystem
Jun 13th 2023 9:39am, by
At PlatformCon: For Realtor.com, Success Is Driven by Stories
Jun 13th 2023 9:31am, by
A New Tool for the Open Source LLM Developer Stack: Aviary
Jun 13th 2023 7:53am, by
Challenger to x86 RISEs to Solve the Software Problem
Jun 12th 2023 11:00am, by
Dev News: A New Rust Release and Chrome 114 Updates
Jun 3rd 2023 9:00am, by
Dev News: New Microsoft Edge Tools and Goodbye Node.js 16
May 27th 2023 6:00am, by
Dev News: Angular v16, plus Node.js and TypeScript Updates
Apr 22nd 2023 4:00am, by
This Week in Computing: Malware Gone Wild
Mar 25th 2023 7:10am, by
TypeScript 5.0: New Decorators Standard, Smaller npm
Mar 24th 2023 11:25am, by
WebAssembly and Go: A Guide to Getting Started (Part 1)
Jun 12th 2023 5:00am, by
WebAssembly and Go: A Guide to Getting Started (Part 2)
Jun 12th 2023 5:00am, by
How WASM (and Rust) Unlocks the Mysteries of Quantum Computing
Jun 8th 2023 3:00am, by
The Need to Roll up Your Sleeves for WebAssembly
Jun 5th 2023 6:00am, by
Python and WebAssembly: Elevating Performance for Web Apps
Jun 5th 2023 3:00am, by
Amazon Prime Video’s Microservices Move Doesn’t Lead to a Monolith after All
Jun 13th 2023 6:00am, by
Open Sourcing AWS Cedar Is a Game Changer for IAM
Jun 12th 2023 10:00am, by
Dell Intros New Edge, Generative AI, Cloud, Zero Trust Prods
May 31st 2023 11:00am, by
Cloud Dependencies Need to Stop F---ing Us When They Go Down
May 25th 2023 10:00am, by
Microsoft Fabric Defragments Analytics, Enters Public Preview
May 23rd 2023 8:00am, by
Case Study: Graph Databases Help Track Ill-Gotten Assets
Jun 12th 2023 4:00am, by
Vector Databases: What Devs Need to Know about How They Work
Jun 10th 2023 5:00am, by
Vetting an Open Source Database? 5 Green Flags to Look for
Jun 9th 2023 11:25am, by
Neil deGrasse Tyson on AI Fears and Pluto’s Demotion
Jun 9th 2023 6:00am, by
How Apache Airflow Better Manages Machine Learning Pipelines
Jun 8th 2023 3:13pm, by
How to Reduce the Hallucinations from Large Language Models
Jun 9th 2023 7:46am, by
Cybersecurity Pioneer Calls for Regulations to Restrain AI
Jun 9th 2023 5:00am, by
How Apache Airflow Better Manages Machine Learning Pipelines
Jun 8th 2023 3:13pm, by
DataStax Adds Vector Search to Astra DB on Google Cloud
Jun 7th 2023 10:07am, by
Enhance Kubernetes Scheduling for GPU-Heavy Apps with Node Templates
Jun 7th 2023 10:00am, by
Survey Says: Cloud Maturity Matters
Jun 13th 2023 6:20am, by
Open Sourcing AWS Cedar Is a Game Changer for IAM
Jun 12th 2023 10:00am, by
API Security: Is Authorization the Biggest Threat?
Jun 12th 2023 7:29am, by
How DevSecOps Teams Should Approach API Security
Jun 12th 2023 6:30am, by
Cloud-Focused Attacks Growing More Frequent, More Brazen
Jun 12th 2023 6:00am, by
Platform Engineering Operations CI/CD Tech Life DevOps Kubernetes Observability Service Mesh
At PlatformCon: For Realtor.com, Success Is Driven by Stories
Jun 13th 2023 9:31am, by Jennifer Riggins
‘Running Service’ Blueprint for a Kubernetes Developer Portal
Jun 7th 2023 8:30am, by Zohar Einy
Building GPT Applications on Open Source Stack LangChain
Jun 7th 2023 6:58am, by Akmal Chaudhri
Can DevEx Metrics Drive Developer Productivity?
Jun 7th 2023 3:00am, by Jennifer Riggins
SRE vs. DevOps? Successful Platform Engineering Needs Both
Jun 6th 2023 10:53am, by Paige Cruz
Survey Says: Cloud Maturity Matters
Jun 13th 2023 6:20am, by Fredric Paul
Open Sourcing AWS Cedar Is a Game Changer for IAM
Jun 12th 2023 10:00am, by Or Weis
The Rise of the Cloud Native Cloud
Jun 12th 2023 9:38am, by John Dietz
Cloud-Focused Attacks Growing More Frequent, More Brazen
Jun 12th 2023 6:00am, by Kevin Casey
Generative AI: What's Ahead for Enterprises?
Jun 8th 2023 11:13am, by Heather Joslyn
Is DevOps Tool Complexity Slowing Down Developer Velocity?
May 17th 2023 6:29am, by Heather Joslyn and Lawrence E Hecht
AI Has Become Integral to the Software Delivery Lifecycle
May 12th 2023 11:01am, by Richard MacManus
4 Core Principles of GitOps
May 11th 2023 2:17pm, by Alex Williams
5 Version-Control Tools Game Developers Should Know About
May 9th 2023 10:00am, by Sharone Zitzman
Mitigate Risk Beyond the Supply Chain with Runtime Monitoring
May 8th 2023 10:00am, by Mike Long
Neil deGrasse Tyson on AI Fears and Pluto’s Demotion
Jun 9th 2023 6:00am, by Loraine Lawson
Can DevEx Metrics Drive Developer Productivity?
Jun 7th 2023 3:00am, by Jennifer Riggins
Donald Knuth Asked ChatGPT 20 Questions. What Did We Learn?
Jun 4th 2023 6:00am, by David Cassel
Dealing with Death: Social Networks and Modes of Access
Jun 3rd 2023 6:00am, by David Eastman
Defend Open Source from Trolls: Oppose Patent Rule Changes
Jun 2nd 2023 6:49am, by Michael Dolan
At PlatformCon: For Realtor.com, Success Is Driven by Stories
Jun 13th 2023 9:31am, by Jennifer Riggins
How DevSecOps Teams Should Approach API Security
Jun 12th 2023 6:30am, by Gary Archer
GitLab All in on AI: CEO Predicts Increased Demand for Coders
Jun 9th 2023 8:26am, by Loraine Lawson
Unlocking DevSecOps' Potential Challenges, Successes, Future
Jun 9th 2023 7:40am, by Steven J. Vaughan-Nichols
‘Running Service’ Blueprint for a Kubernetes Developer Portal
Jun 7th 2023 8:30am, by Zohar Einy
The First Kubernetes Bill of Materials Standard Arrives
Jun 13th 2023 10:48am, by Steven J. Vaughan-Nichols
The Rise of the Cloud Native Cloud
Jun 12th 2023 9:38am, by John Dietz
Deploy a Kubernetes Development Environment with Kind
Jun 10th 2023 7:00am, by Jack Wallen
Enhance Kubernetes Scheduling for GPU-Heavy Apps with Node Templates
Jun 7th 2023 10:00am, by Žilvinas Urbonas
‘Running Service’ Blueprint for a Kubernetes Developer Portal
Jun 7th 2023 8:30am, by Zohar Einy
How Adobe Uses OpenTelemetry Collector
Jun 5th 2023 10:02am, by Susan Hall
Red Hat Ansible Gets Event-Triggered Automation, AI Assist on Playbooks
May 24th 2023 6:22am, by Joab Jackson
Observability: Working with Metrics, Logs and Traces
May 22nd 2023 8:23am, by Jessica Wachtel
Why Upgrade to Observability from Application Monitoring?
May 19th 2023 11:49am, by George Hamilton
Datadog’s $65M Bill and Why Developers Should Care
May 17th 2023 10:56am, by Loraine Lawson
Don't Force Containers and Disrupt Workflows
May 25th 2023 3:10pm, by Alex Williams
Linkerd Service Mesh Update Addresses More Demanding User Base
Apr 11th 2023 6:17am, by Joab Jackson
How to Create Zero Trust Architecture for Service Mesh
Mar 27th 2023 7:00am, by Joe Fay
Ambient Mesh: Sidestepping the Sidecar
Mar 1st 2023 8:44am, by Jeff Goldman
Service Mesh Demand for Kubernetes Shifts to Security
Oct 27th 2022 11:04am, by B. Cameron Gain
Kubernetes / Science / Software Development

The First Kubernetes Bill of Materials Standard Arrives

Software Bills of Materials are becoming commonplace as a brick in the wall of code security defense. Now, there's one just for Kubernetes.
Jun 13th, 2023 10:48am by
Featued image for: The First Kubernetes Bill of Materials Standard Arrives

If you’re not using a Software Bill of Materials (SBOM) yet, you will be soon. They’re seen as essential groundwork for building code security defense. While there are many SBOM standards, such as Software Package Data Exchange (SPDX), CycloneDX: and GitHub’s dependency submission format, there hasn’t been one just for the popular container orchestration program Kubernetes until now: Kubernetes Security Operations Center’s (KSOC) Kubernetes Bill of Materials (KBOM) standard.

At this early stage, KBOM is a rough first draft. It provides an initial specification in JavaScript Object Notation (JSON) It’s been shown to work with Kubernetes 1.19 and newer; hyperscale cloud services providers; and do-it-yourself Kubernetes.

With the KBOM’s shell interface, cloud security teams can gain a comprehensive understanding of third-party tooling within their environment. This development is aimed at enabling quicker responses to the surge of new Kubernetes tooling vulnerabilities.

Is It Necessary?

Is there really a need for this, though, since there are many SBOM standards? Since  Kubernetes is used by over  96% of organizations to orchestrate container deployments, clearly there’s a deployment security gap here. After all, Kubernetes security adoption remains low, with 34% in 2022. A major barrier to securing Kubernetes is getting an accurate grasp of the environment’s scope.

As KSOC CTO Jimmy Mesta explained: “Kubernetes is orchestrating the applications of many of the biggest business brands we know and love. Adoption is no longer an excuse, and yet from a security perspective, we continually leave Kubernetes itself out of the conversation when it comes to standards and compliance guidelines, focusing only on the activity before application deployment.” Therefore, “We are releasing this KBOM standard as a first step to getting Kubernetes into the conversation when it comes to compliance guidelines. ”

To meet these needs, KBOM offers a concise overview of a Kubernetes cluster’s elements. These include:

  • Workload count.
  • Cost and type of hosting service.
  • Vulnerabilities for both internal and hosted images.
  • Third-party customization, for example, the deployed custom resources, authentication, and service mesh.
  • Version details for the managed platform, the Kubelet, and more.

Sounds interesting? It should. To contribute, you can download the CLI tool today or learn more about the standard. You can also work on this Apache 2 open source program via its GitHub page.

Group Created with Sketch.
Steven J. Vaughan-Nichols, aka sjvn, has been writing about technology and the business of technology since CP/M-80 was the cutting-edge PC operating system, 300bps was a fast internet connection, WordStar was the state-of-the-art word processor, and we liked it.
Read more from Steven J. Vaughan-Nichols
SHARE THIS STORY
RELATED STORIES
GitOps as an Evolution of Kubernetes Enhance Kubernetes Scheduling for GPU-Heavy Apps with Node Templates Container or VM? How to Choose the Right Option in 2023 Deploy a Kubernetes Development Environment with Kind A Boring Kubernetes Release
RELATED STORIES
Enhance Kubernetes Scheduling for GPU-Heavy Apps with Node Templates My Further Adventures (and More Success) with Rancher Guardrails Can Be the Common Language to Bring Dev and Ops Together The Need to Roll up Your Sleeves for WebAssembly How to Protect Containerized Workloads at Runtime
THE NEW STACK UPDATE A newsletter digest of the week’s most important stories & analyses.