CNCF recently announced that the security update framework TUF graduate, became Kubernetes, then after Prometheus, Envoy, CoreDNS, containerd, Fluentd, Jaeger and Vitess ninth graduation project.
TUF is an open source technology to protect the security of the software update system, it is plug and play library used to protect software update that helps developers protect new or update existing software systems, which are generally considered vulnerable attack. This is CNCF first specification and a graduation project with a focus on security.
TUF has become a software update system security protection industry standards, including Amazon, including the leading cloud-based service providers are using it, including Amazon recently released a new implementation of TUF, as well as Microsoft, Google, Cloudflare, Datadog , DigitalOcean, Docker, IBM, Red Hat and VMware.
CNCF announcement: