New software service for the supply chain, fuzzing Java, and more | Opensource.com

A look at current open source community and industry trends.


As part of my role as a principal communication strategist at an enterprise software company with an open source development model, I publish a regular update about open source community, market, and industry trends. Here are some of my and their favorite articles from that update.

Linux Foundation announces new open source software signing service

Without standardization, securing the software supply chain will be almost impossible; sigstore's backers hope to fix that. The goal is worth the effort. As Josh Aas, executive director of the Internet Security Research Group (ISRG) and Let's Encrypt, said, "Securing a software deployment ought to start with making sure we're running the software we think we are. Sigstore represents a great opportunity to bring more confidence and transparency to the open-source software supply chain."

The impact: One of the core promises of open source is that "with enough eyes, all bugs are shallow," a claim that has also been made for the security of the software. This effort (and others like it) represents an industry-wide approach to backing up that claim.
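The gate Josh Aas describes above, checking that an artifact is the one we think it is before running it, as an added example (this is not sigstore's or cosign's code): it uses a local Ed25519 key pair from Go's standard library in place of sigstore's Fulcio-issued signing certificates and Rekor transparency log, signs the artifact's SHA-256 digest, and refuses to run anything whose signature does not verify under the trusted public key. The artifact name and contents are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Artifact is the thing we are about to run, plus the detached signature
// shipped alongside it. Sigstore signs and verifies a digest of the artifact;
// this added example mirrors only that step, with a local Ed25519 key
// standing in for a Fulcio certificate and Rekor log entry.
type Artifact struct {
	Name      string
	Contents  []byte
	Signature []byte
}

// digest returns the SHA-256 of the contents. The signature covers this
// digest rather than the raw bytes, so large artifacts are cheap to sign
// and verify.
func digest(contents []byte) []byte {
	sum := sha256.Sum256(contents)
	return sum[:]
}

// SignArtifact produces the detached signature a publisher would ship.
func SignArtifact(priv ed25519.PrivateKey, name string, contents []byte) Artifact {
	return Artifact{
		Name:      name,
		Contents:  contents,
		Signature: ed25519.Sign(priv, digest(contents)),
	}
}

// ErrUntrusted is returned when the signature does not verify under the key
// we trust for this publisher: tampered contents, a wrong key, or no
// signature at all look the same to the consumer.
var ErrUntrusted = errors.New("artifact signature does not verify under the trusted key")

// VerifyBeforeRun runs nothing whose signature does not check out under the
// trusted public key. The run callback only ever sees verified bytes.
func VerifyBeforeRun(trusted ed25519.PublicKey, a Artifact, run func([]byte) error) error {
	if len(a.Signature) != ed25519.SignatureSize {
		return ErrUntrusted
	}
	if !ed25519.Verify(trusted, digest(a.Contents), a.Signature) {
		return ErrUntrusted
	}
	return run(a.Contents)
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	run := func(b []byte) error {
		fmt.Printf("running %d verified bytes\n", len(b))
		return nil
	}

	// Constructed sample artifact, not a real release.
	good := SignArtifact(priv, "installer.sh", []byte("#!/bin/sh\necho hello\n"))
	fmt.Println("genuine:", VerifyBeforeRun(pub, good, run))

	// Flip one byte of the contents while keeping the original signature.
	tampered := good
	tampered.Contents = append([]byte(nil), good.Contents...)
	tampered.Contents[len(tampered.Contents)-2] = '!'
	fmt.Println("tampered:", VerifyBeforeRun(pub, tampered, run))

	// A signature from some other key (a different publisher) also fails.
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	other := SignArtifact(otherPriv, "installer.sh", good.Contents)
	fmt.Println("wrong key:", VerifyBeforeRun(pub, other, run))
}
```

The trust decision lives entirely in which public key is passed as `trusted`; sigstore's contribution is to replace that long-lived key with short-lived certificates tied to an identity and a public log, so that the same check can be made without every consumer managing publisher keys by hand.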

Fuzzing Java in OSS-Fuzz

OSS-Fuzz has found more than 25,000 bugs in open source projects using fuzzing. We look forward to seeing how this technique can help secure and improve code written in JVM-based languages.

The impact: It is exciting to see what might have been an extra step in the development process being made easy and integral early on. 

Linaro to release monthly GNU Toolchain integration builds

"Linaro's goal is to empower the Arm ecosystem, making it easier for those with a need for a binary toolchain to have access before an official release," said Mike Holmes, Director of Foundation Technologies at Linaro. "By having access to the monthly GNU Toolchain integration builds, developers can feel more confident that their system will be stable against the future full release."

The impact: This should be an accelerant for developing the ARM ecosystem, which already seems to be growing by leaps and bounds.

Top Kubernetes health metrics you must monitor

Kubernetes is one of the most popular choices for container management and automation today. A highly efficient Kubernetes setup generates innumerable new metrics every day, making monitoring cluster health quite challenging. You might find yourself sifting through several different metrics without being entirely sure which ones are the most insightful and warrant utmost attention. As daunting a task as this may seem, you can hit the ground running by knowing which of these metrics provide the right kind of insights into the health of your Kubernetes clusters. In this article, we take you through a few Kubernetes health metrics that top our list. 

The impact: It's not enough to see the forest for the trees; you need to see the forest and the trees. Kubernetes = forest; health metrics = trees.

I hope you enjoyed this list and come back next week for more open source community, market, and industry trends.


About the author

Tim Hildred - I'm Tim. I like to write about how technology affects people, and vice versa. I’m constantly engaging with the news, tech, and culture with an eye to building the best possible sci-fi future. Every couple of weeks I’d like to share the best of it with you in a hopepunk newsletter (or on Twitter if you're into that sort of thing).