News/Tech News

KubeEdge Achieves SLSA Level 3 Compliance

Published on march 31, 2023

CNCF incubating project KubeEdge recently achieved Supply Chain Levels for Software Artifacts (SLSA) Level 3 compliance. As a result of SLSA 3, KubeEdge has certified the end-to-end security of its software supply chain process, ensuring that binary and container image artifacts are protected against malicious manipulation.

On the CNCF blog, the KubeEdge Special Interest Group (SIG)-Security announced the compliance. It is a security framework and checklist of standards that protect software artifacts from unauthorized modification and common supply chain attacks, from source code build to release. The SLSA is currently in alpha, and the requirements for level three and four may change in the future.

The introduction of vulnerabilities into a supply chain can be initiated by any piece of software. In order to ensure the integrity of artifacts as a system becomes more intricate, it is essential to establish checks and implement best practices in advance.

For level three SLSA compliance, KubeEdge currently meets the Source, Build, and Provenance requirements.

For build-related compliance, KubeEdge uses GitHub scripts to automate its build process. The scripts are stored in the “.github/workflows” directory as definition and configuration files, and they are implemented using GitHub Actions. It offers traceability and verifiability of build steps, an isolated and ephemeral build environment, and protection against tampering with build parameters and dependencies.

Evidence of the software build and release execution process is provided by the build metadata, which can be authenticated. Metadata includes build steps, build sources, and dependencies, such as source code repositories, code branches, and configuration files.

As a side note, SLSA released its first major update since June 2021 – the SLSA v1.0 RC1 Specification. One of the highlights of this update is the division of SLSA into multiple tracks, each of which contains a distinct set of levels evaluating a specific aspect of software supply chain security.

We also saw an article on YCombinator introducing Chainloop, an open-source software supply chain control plane. By utilizing Chainloop, SecOps teams can restore security compliance, visibility, standardization, and control. Developers can ensure compliance with minimal effort.

For more information about SLSA, interested readers can visit the SLSA community page. Readers can follow KubeEdge’s official GitHub page for more information.

Tech News

ChatGPT Is Fun, but the Future Is Fully Autonomous AI for Code at QCon London img

ChatGPT Is Fun, but the Future Is Fully Autonomous AI for Code at QCon London

A presentation on artificial intelligence (AI) for code writing was given by Mathew Lodge, CEO of DiffBlue, at the…

New Java SE Universal Subscription from Oracle img

New Java SE Universal Subscription from Oracle

Since January 2023, Oracle has announced the new Java SE Universal subscription and pricing, which will replace ..

Our Latest Blog

Mastering Full Stack Python Development with Django A Comprehensive Guide

Mastering Full Stack Python Development with Django: A Comprehensive Guide

Python is a powerful programming language that has taken the world of web development by...
Read More
Mastering Machine Learning A Beginner's Guide to Python

Mastering Machine Learning: A Beginner’s Guide to Python

Welcome to the world of machine learning! With the ever-increasing demand for artificial intelligence and...
Read More
Unlocking the Power of Data Science with Python A Beginner's Guide

Unlocking the Power of Data Science with Python: A Beginner’s Guide

Data science has become an essential part of many industries today, and Python has become...
Read More

Follow Us


Browse LSET presentations to understand interesting…

Explore Now

Get complete guides to empower yourself academically…

Explore Now

Learn about information technology and business…

Explore Now