Virtualization Technology News and Information
JFrog-Led Open Source "Pyrsia" Initiative to Secure the Software Supply Chain will be Contributed to the CD Foundation
JFrog Ltd. announced that Pyrsia, an open source software community initiative that utilizes blockchain technology to secure software packages (a.k.a. binaries) from vulnerabilities and malicious code, has become an incubating project under the Continuous Delivery Foundation (CDF). Working together, JFrog and the CD Foundation will ensure Pyrsia grows its backing and engagement through the use of a centralized governance model, a defined roadmap, and broad representation within the wider technology and open source communities.

"We're excited to join our long-time partners at the CD Foundation in creating a groundswell around Pyrsia to further its mission to better secure the software supply chain," said Stephen Chin, VP of Developer Relations at JFrog and Governing Board Member for the CD Foundation. "With the CD Foundation's support, and that of our incredible industry partners, developers can leverage Pyrsia to have peace of mind in knowing their open source components have not been compromised, and confidently deliver secure software at scale."

Research shows open source libraries and components make up more than 75 percent of the code in the average software application, with the average software application depending on more than 500 components. While these open source dependencies are convenient, they also present new vulnerabilities that threat actors can exploit. For example, one bad actor injecting malware into a popular open source project has the potential to affect thousands of downstream users.

Pyrsia is an open source-based, decentralized, secure build network and software package repository that seamlessly integrates with the package management systems developers are already using today, so they can certify their software components without forgoing compatibility, security, or efficiency. Developers receive a digitally signed, immutable chain of evidence for their code, which is an essential building block for Software Bills of Materials (SBOMs). This gives developers and their customers assurance that they know the exact source of their packages.

"We see Pyrsia as a natural extension of our organization's mission to grow and sustain projects that are part of the wider continuous delivery ecosystem," said Fatih Degirmenci, Executive Director, CD Foundation. "We've recently learned as an industry that no one is safe from cybercriminal activity, particularly when bad actors inject malicious packages into central repositories, wreaking havoc on downstream systems and applications. We're proud to support Pyrsia because it puts the power back in the hands of developers and, ultimately, accelerates innovation."

JFrog, along with other open source technology leaders, including Docker, DeployHub, Futurewei, and Oracle, collaborated to officially launch Pyrsia in May 2022. Since then, these software giants have lent their expertise on how to better secure the software supply chain to the Pyrsia network, creating opportunities for cross-project collaboration within the CD Foundation to interlink secure packages with community tools, helping improve developers' ability to deliver secure software at scale.

To learn more and join the Pyrsia community, visit
Published Tuesday, October 25, 2022 9:13 AM by David Marshall