The organization at the heart of modern open-source cloud-computing standards has taken another two projects under its umbrella, tackling container security for the first time.
Members of the Cloud Native Computing Foundation have voted to absorb Notary and TUF into the group, it plans to announce Tuesday at the Open Source Summit Europe in Prague. Notary, the first project, is an implementation of The Update Framework (known as TUF) specification for ensuring the right containers are running in the right places.
The notary was developed at Docker, and it allows software development teams to “sign” their containers with a certificate that verifies the author is someone with permission to deploy that container, said Nathan McCauley, director of security at Docker. It also verifies that the container hasn’t been tampered with along the way, and multiple signatures can be attached to a container as it moves through the software development process.
It’s based on TUF, the second project coming into the CNCF Tuesday. TUF is a specification that was developed by Justin Cappos while he was a researcher at the University of Washington and refined during his tenure at NYU as a professor.