Skip to main content

2 posts tagged with "Security"

Security updates and best practices for CNCF projects

View All Tags

Cloud Native Security Controls Catalog: Refreshed, Structured, and Machine-Readable

· 3 min read
Sonu Preetam
Product Security Engineer
Jennifer Power
Principal Product Security Engineer
Hannah Braswell
Associate Product Security Engineer

Revised security guidance has been released by CNCF advisors to streamline cloud-native project security assessments.

Initially created in 2022 by CNCF's TAG Security and Compliance (TAG-SC), the Cloud Native Security Controls Catalog (CNSC Catalog) is a direct, actionable list of controls mapped to NIST SP 800-53 Rev. 5. To incorporate emerging technologies, tools, and research, a new version of the catalog has been created and released in 2026.

Now Available: Free Docker Hardened Images for the CNCF Projects

· 2 min read
Ihor Dvoretskyi
Senior Developer Advocate

Last year, the CNCF and Docker announced an expanded partnership through the Docker Sponsored Open Source (DSOS) Program to increase infrastructure and tooling support available to CNCF project maintainers. Since then, Docker has made Docker Hardened Images (DHI) freely available to all developers.

We are highlighting this update for the benefit of the CNCF maintainer community, as DHI can be used by CNCF projects as a secure and transparent foundation for shipping container images.