DEVOPSdigest

JFrog announced Pyrsia, an open source software community initiative that utilizes blockchain technology to secure software packages (a.k.a. binaries) from vulnerabilities and malicious code, has become an incubating project under the Continuous Delivery Foundation (CDF).

Working together, JFrog and the CD Foundation will ensure Pyrsia grows its backing and engagement through the use of a centralized governance model, defined roadmap, and broad representation within the wider technology and open source communities.
JFrog-Led Open Source Initiative “Pyrsia” to be incubated under the CD Foundation.

Stephen Chin, VP of Developer Relations at JFrog and Governing Board Member for the CD Foundation, said: “With the CD Foundation’s support, and that of our incredible industry partners, developers can leverage Pyrsia to have peace of mind in knowing their open source components have not been compromised, and confidently deliver secure software at scale.”

Pyrsia is an open source-based, decentralized, secure build network and software package repository that seamlessly integrates with the package management systems developers are already using today, so they can certify their software components without foregoing compatibility, security, or efficiency. Developers receive a digitally signed, immutable chain of evidence for their code, which is an essential building block for Software Bill of Materials (SBOMs). This provides developers and their customer’s assurance in knowing the exact source of their packages.

“We see Pyrsia as a natural extension of our organization’s mission to grow and sustain projects that are part of the wider continuous delivery ecosystem,” said Fatih Degirmenci, Executive Director, CD Foundation. “We’ve recently learned as an industry that no one is safe from cybercriminal activity, particularly when bad actors inject malicious packages into central repositories, wreaking havoc on downstream systems and applications. We’re proud to support Pyrsia because it puts the power back in the hands of developers and, ultimately, accelerates innovation.”

JFrog, along with other open source technology leaders, including Docker, DeployHub, Futurewei, and Oracle, collaborated to officially launch Pyrsia in May 2022. Since then, these software giants have lent their expertise on how to better secure the software supply chain to the Pyrsia network, creating opportunities for cross-project collaboration within the CD Foundation to interlink secure packages with community tools, helping improve developers’ ability to deliver secure software at scale.