Web Assembly

Jco (@bytecodealliance/jco on NPM)is a “multi-tool for the JS WebAssembly ecosystem.” At the 2026 Bytecode Alliance Plumbers Summit, Technical Steering Committee member Bailey Hayes put it another way: Jco is “like five projects in one.” It’s certainly a project with many facets—five big ones, arguably! Recognizing what those facets are, and how they fit together, is the key to understanding why Jco matters beyond the JavaScript ecosystem. In this blog series, we’ll draw on Victor Adossi’s Plumbers Summit presentation to take an in-depth look at Jco from five different perspectives, in order to better grasp how you can use (and contribute to!) Jco today. There’s a lot to unpack here, so in this first post, we’ll try to get to grips with Jco as a layered architecture that brings together many pieces of the Wasm and JS ecosystem.

The Kubewarden ecosystem continues to expand its supply chain security capabilities! Hot on the heels of the Admission Controller 1.33 release, we are excited to announce SBOMscanner v0.10.0. This release introduces powerful new features and critical stability fixes. Let’s dive in! Workload Scan Until now, SBOMscanner required explicit Registry configurations to scan images. However, what usually matters most are the images actively running in your cluster. The new Workload Scan feature automatically discovers and scans container images based on live workloads.

The garden is thriving and Kubewarden 1.33 is ready to bloom! Following last release’s big repotting, this one is serious about pruning, including a security issue. It’s not all housekeeping though, fresh flowers are blooming and come with nice features: BYO-PKI landing in the policy-server, field mask filtering for context-aware calls, proxy support, and a few more treats. Let’s dig in! Security fix: Cross-namespace data access, removal of deprecated API calls In our previous post we explained how our architecture protects namespaced policy users from privilege escalations.

Why Kubewarden is not affected by CVE-2026-22039 The recent vulnerability CVE-2026-22039 is doing the rounds in the Kubernetes security community, with dramatic titles such as “How an admission controller vulnerability turned Kubernetes namespaces into a security illusion”. You can read about people doubting admission controllers, claiming they have too much power, or they represent too high a value target. In this blogpost, we reassure Kubewarden users that they aren’t affected thanks to our architecture, and explain why.

The Bytecode Alliance is pleased to invite you to the next installment in our ongoing Plumbers Summits event series, each designed to bring our members and community together to collectively contribute to the strategic planning for the upcoming year. Our next event will be held Wednesday and Thursday, February 25 and 26, 2026. This will be an all online event, supporting full remote participation for anyone anywhere, with sessions recorded so they can be watched anytime afterward via our YouTube channel

Another year rolls around, and Kubewarden is still growing like a well-watered houseplant! Kubewarden got a New Year’s resolution to tidy up and repot, and have gone full on with digital gardening. This release is a maintenance one, with big moves to monorepos and a refresh in release artifacts. New Admission Controller monorepo With the addition of SBOMscanner to the Kubewarden harvest, we saw a great opportunity for cleanup on the Admission Controller side.

In April of 2015, Luke Wagner made the first commits to a new repository called WebAssembly/design, adding a high-level design document for a “binary format to serve as a web compilation target.”

Join us in celebrating a fruitful 2025 for the Kubewarden project! The team has spent time planting kernels and enjoying the fruit of the grown ideas. Let’s look together at what the basket brings as we say ciao to 2025. Grab anything you like for the trip! Expanding the Scope: Introducing SBOMScanner 2025 saw Kubewarden expand beyond admission policies with the introduction of SBOMScanner, a new project donated to CNCF under the Kubewarden umbrella.