A community initiative to provide a just and transparent governance model for the Pyrsia Decentralized Package Network brings together companies like Docker, DeployHub, Oracle, and others.
Pyrsia, an open source software community initiative that uses blockchain technology to protect software packages (also known as binaries) from flaws and malicious code, has been accepted as an incubating project by the Continuous Delivery Foundation (CDF). JFrog and the CD Foundation will collaborate to ensure that Pyrsia grows its support and engagement through a centralised governance mechanism, a clear vision, and widespread participation within the larger technology and open source communities.
According to research, the average software programme uses more than 500 open source components, and more than 75% of its code is made up of open source libraries and components. These open source dependencies are practical, but they also introduce new vulnerabilities that threat actors might use against you. For instance, a single malicious actor could potentially have an impact on thousands of downstream users by inserting malware into a well-known open source project.
Developers can certify their software components with Pyrsia, an open source-based, decentralised, secure build network and software package repository, without sacrificing compatibility, security, or efficiency. Pyrsia integrates seamlessly with the package management systems developers are already using today. Software Bills of Materials (SBOMs) are fundamentally based on the digitally signed, immutable chain of proof that developers obtain for their code. Thanks to this chain of proof, developers and their clients can be confident that their packages come from a specific source.
Pyrsia was formally introduced in May 2022 thanks to a partnership with JFrog and other open source technology pioneers like Oracle, Docker, DeployHub, and Futurewei. Since then, these industry leaders in software have contributed their knowledge of how to strengthen supply chain security to the Pyrsia network, opening doors for cross-project collaboration within the CD Foundation to connect secure packages with open source tools and enhancing developers’ capacity to produce secure software at scale.
“We see Pyrsia as a natural extension of our organization’s mission to grow and sustain projects that are part of the wider continuous delivery ecosystem,” said Fatih Degirmenci, Executive Director, CD Foundation. “We’ve recently learned as an industry that no one is safe from cybercriminal activity, particularly when bad actors inject malicious packages into central repositories, wreaking havoc on downstream systems and applications. We’re proud to support Pyrsia because it puts the power back in the hands of developers and, ultimately, accelerates innovation.”