CNCF and Kusari Partner to Strengthen Software Supply Chain Security Across Cloud-Native Projects
Briefly

"The partnership centers on providing CNCF projects with access to Kusari Inspector, a tool that combines AI-assisted code review with dependency analysis to identify risks across both direct and transitive dependencies."
"Software supply chains are expanding in both scale and complexity, introducing new attack surfaces and operational risks, making it difficult for maintainers to fully understand what is included in their software."
"For open source projects, often maintained by small, resource-constrained teams, this complexity is compounded by fragmented tooling and limited visibility, making it harder to prioritize and remediate vulnerabilities effectively."
CNCF and Kusari have partnered to improve software supply chain security for cloud-native projects by providing free access to Kusari's AI-powered security tools. The initiative aims to assist maintainers and contributors in managing complex dependency ecosystems without requiring extensive security knowledge. Kusari Inspector will offer AI-assisted code review and dependency analysis to identify risks. The collaboration addresses the growing challenges of expanding software supply chains, which introduce new risks and complexities, particularly for open source projects maintained by small teams with limited resources.
Read at InfoQ