The CNCF TOC identifies specific project that provide capabilities related to security, including policy, identity, authentication, authorization, auditing, compliance, cost management, etc.

These are known as "Security Providers" and the SIG will prioritize review of each project's annual security assessment.

Current list of projects:

• Falco
• Harbor
• in-toto
• Open Policy Agent
• Notary
• TUF
• SPIFFE
• SPIRE