TestifySec

We’re thrilled to launch 𝗧𝗿𝘂𝗹𝗲𝗺𝗲𝘁𝗿𝘆: 𝗘𝘃𝗲𝗿𝘆 𝗦𝘁𝗲𝗽 𝗠𝗮𝘁𝘁𝗲𝗿𝘀, a #podcast for software developers, security experts, and leaders tackling the challenges of modern software supply chain security. Co-hosted by Matt “Mohawk” Denny and Cole Kennedy, each episode explores the critical intersections of software supply chain security, compliance, open source technology, modern software development, DevSecOps and more; uncovering the stories from industry leaders in the public and private sectors. 🎧 In our first episode, we dive into the TestifySec journey with co-founder Cole Kennedy, exploring: • How TestifySec was started with Mikhail Swift and Cole Kennedy as an open-source initiative, evolving into a comprehensive platform addressing compliance and security challenges. • The concept of shifting compliance left to tackle requirements early, reduce risks, and seize market opportunities. • The value of open-source projects like Witness and Archivista, donated to CNCF, and their impact on software supply chain security. • How TestifySec maps developer activities to compliance controls, fostering collaboration, validation, and continuous monitoring. • Insights on implementing NIST guidelines and enabling continuous compliance in modern development environments. • Cole shares his personal journey—from software engineering to military service and co-founding TestifySec—highlighting his passion for building a platform that delivers business value alongside security solutions. 🎧 Tune in to the first episode now. Available on where ever you listen to podcasts, including YouTube. Follow us for updates, behind-the-scenes content, and inspiring conversations with industry leaders! #Trulemetry #CyberSecurity #DevSecOps #TestifySec

Episode 1 of our new #podcast, Trulemetry, drops tomorrow. Here is a little teaser from Cole talking about how we have been shifting compliance left and enhancing software supply chain security to our automated compliance platform that maps developer activities directly into compliance controls. How do you do #compliance? Make sure to find us and subscribe on your favorite podcasting platforms.

🙌 EXCITING ANNOUNCEMENT! Our new #podcast drops tomorrow and Cole Kennedy shares why he is excited to co-host: Trulemetry: Every Step Matters. Trulemetry comes from combining two words often used when talking about #compliance and as we aspire to Shift Compliance Left, one of the ways we achieve that is by harnessing "Trusted Telemetry" at every stage of your software development lifecycle. As Cole says below, we are excited to bring awesome conversations around compliance, governance, software supply chain security and more. What do you want us to talk about this year? Who should we talk to? To stay updated with the latest episodes you can search and subscribe wherever you do your podcasting. #compliance #governance #DevSecOps

Exciting news! Matt “Mohawk” Denny 🧨 our very own marketing and outreach director, has been named Cloud Native Computing Foundation (CNCF) Marketing Co-Chair for 2025! 🎉 In just a few years, Matt has gained a passion for open source and the communities around it, and his unique ability to connect people has made waves. Whether hosting events, scaling communities across industries (including the DoD!), or fostering collaboration at every level, Matt brings unmatched energy and expertise to the CNCF. Matt said this about being selected “I’m passionate about giving back to the community that has supported me, and I believe the Marketing Committee can amplify CNCF’s values by fostering collaboration, inclusivity, and shared growth. By contributing my expertise, I aim to create a more dynamic ecosystem where members feel empowered to engage, contribute, and thrive together.” At TestifySec, we’re proud of our open-source roots, including donating #Witness and #Archivista under the in-toto project in 2023. Seeing Matt represent this spirit in CNCF is incredible. Congratulations, Matt, on this well-deserved role! 💪 He will lead and co-chair with fellow #cncf contributor Rohit Ghumare. #CNCF #OpenSource #Leadership

𝗪𝗵𝗮𝘁 𝗨𝗯𝗲𝗿 𝗧𝗮𝘂𝗴𝗵𝘁 𝗨𝘀 𝗔𝗯𝗼𝘂𝘁 𝗖𝗼𝗺𝗽𝗹𝗶𝗮𝗻𝗰𝗲 - Uber deploys 34,000 times a week. Here’s what we can learn from their CI/CD strategy. Instead of blocking developers at every security issue, Uber shifts decision-making to the CD (Continuous Deployment) stage. • Incremental rollouts: Build trust over time for secure workloads. • Incentives: Gamify compliance to encourage better behavior. • Provenance tracking: Use metadata to classify workloads from "unsecured" to "uber-secure." The lesson? Stop treating digital assets like durable goods. For fast-moving teams, visibility and incremental controls can replace rigid CI blocks. At #TestifySec, tools like #𝗪𝗶𝘁𝗻𝗲𝘀𝘀 and #𝗔𝗿𝗰𝗵𝗶𝘃𝗶𝘀𝘁𝗮 are helping teams adopt similar models by tracking provenance and deferring policy enforcement without halting progress. How has your team rethought CI/CD pipelines to reduce bottlenecks?

𝗕𝗿𝗶𝗱𝗴𝗶𝗻𝗴 𝘁𝗵𝗲 𝗚𝗮𝗽: 𝗗𝗲𝘃𝗲𝗹𝗼𝗽𝗲𝗿𝘀 𝗮𝗻𝗱 𝗖𝗼𝗺𝗽𝗹𝗶𝗮𝗻𝗰𝗲 𝗧𝗲𝗮𝗺𝘀 - Developers say compliance is too slow. Compliance says development moves too fast. But here’s a question for developers: What have we done to make compliance easier? And for compliance teams: How can we move at the speed of modern pipelines? The answer lies in 𝘀𝗵𝗶𝗳𝘁𝗶𝗻𝗴 𝗰𝗼𝗺𝗽𝗹𝗶𝗮𝗻𝗰𝗲 𝗹𝗲𝗳𝘁—integrating compliance checks directly into development workflows without disrupting velocity. 💡Imagine if you had:  • Automated compliance evidence collection (no chasing down scans or approvals). • Real-time visibility into compliance and security status for both teams. • Trusted telemetry bridging the gap. By working hand-in-hand, we can reduce friction, expand into new markets (hello, FedRAMP!), and create better, faster, and safer software. How do you think we can better integrate these two critical teams? #compliance #security #DevSecOps

We wish you a Merry Christmas! 🎄 👩💻

Happy Christmas and Merry Holidays! Our team is taking a much deserved break so that we can come back strong in 2025 and solve your compliance, security and FedRAMP needs. Thanks to everyone who made this year incredible and we hope you are taking the time you want to recharge as well. See you in 2025! 🥂

Save this for some holiday reading. One of our developers, Kris Coleman, recently wrote about his experience Scaling Shift-Left at TestifySec: Compliance at Scale doesn't have to be hard. Kris shares his journey at Corewell Health, achieving continuous delivery and automating compliance—and the monumental challenge of scaling that success across teams. The solution? Enter TestifySec. Discover how TestifySec: ✅ Automates compliance ✅ Guides teams toward high-performing practices ✅ Streamlines enterprise-wide adoption If scaling DevSecOps practices feels like an uphill climb, this article is your perfect holiday reading. Read more below. #DevSecOps #ContinuousDelivery #ComplianceAutomation #SoftwareSupplyChain

We are still celebrating the success of #KubeCon + #CloudNativeCon last month. We are grateful for everyone we spoke to about #security and #compliance. And we are especially thankful for the amazing communities we are apart of within the Cloud Native Computing Foundation (CNCF) and beyond. As Matt was recently quoted in an interview at KubeCon: “No community compares to #opensource! I love how willing everyone is to help each other. I make new friends and partners everyday.” We look forward to continuing those friendships and partnerships into 2025. But for now we hope you are finishing up the year strong to take a much deserved break to celebrate all the hard work we/you have all done this year. 🎉 🙌🏽