Wind River, a global leader in software for mission- and safety-critical systems, has announced new enhancements to its VxWorks platform with added support for Sigstore Cosign and broader availability of its real-time container engine. These updates further strengthen the security and manageability of containerized applications on VxWorks-based devices.
VxWorks remains the first and only RTOS to support Open Container Initiative (OCI)–compliant containers, enabling cloud-native workflows at the intelligent edge without compromising real-time determinism, performance, or certification readiness.
⚙️ Foundation and Open-Standard Compliance #
Wind River’s container strategy builds on its real-time embedded container engine, first introduced in 2021, and has continued to mature with a focus on standards compliance and zero-overhead design.
- OCI Compliance: The VxWorks real-time container engine strictly adheres to OCI specifications for container packaging, distribution, and runtime, as defined by the Cloud Native Computing Foundation (CNCF).
- Zero-Overhead Design: Containers are implemented without sacrificing real-time performance, preserving VxWorks’ deterministic behavior.
- Application Isolation: In 2022, Wind River added support for overlay file systems, a critical capability for isolating application software and managing independent updates.
VxWorks also supports Kubernetes through a true embedded kubelet, allowing development teams to use familiar cloud-native tools and workflows. This eliminates the need for custom, proprietary tooling and enables teams to develop, deploy, manage, and update real-time RTOS software using the same infrastructure and practices commonly used with Linux—while reducing cost, risk, and operational complexity.
VxWorks is the first and only RTOS to support OCI-compliant containers, simplifying software deployment and management, lowering operational costs, and enabling faster development of intelligent edge software without sacrificing determinism and performance. The addition of Cosign support further strengthens secure deployment and update workflows for critical systems.
— Avijit Sinha, Chief Product Officer, Wind River
✈️ Industry Adoption and Real-World Benefits #
Containerized microservices architectures provide significant advantages over traditional monolithic application models, particularly in systems that combine mixed-criticality workloads.
-
Aerospace (Collins Aerospace):
Containers allow microservices of different criticality levels to coexist safely. High Design Assurance Level (DAL) components can remain isolated and stable, while lower-DAL components can evolve rapidly. This separation helps reduce certification cost and complexity, while enabling the use of open-source software and agile development methods for non-critical functions. -
Automotive (Aptiv):
Containerization accelerates the transition to the software-defined vehicle by simplifying software updates and modernizing legacy applications.Emerging containerized software enables developers to work efficiently and modernize legacy applications easily. VxWorks can significantly reduce the effort and cost of software updates and unlock new business models, delivering substantial value to automotive Tier 1s and OEMs.
— Benjamin Lyon, Senior Vice President and CTO, Aptiv
Across industries such as automotive, aerospace, defense, and industrial systems, containers are becoming a key enabler for modular software architectures that support faster innovation while maintaining strict safety and reliability requirements.
🔐 Strengthening Container Security with Cosign #
To further enhance container security, Wind River has added support for Sigstore Cosign, complementing its existing secure registry access and secure software development capabilities.
- Signed Containers: Cosign enables cryptographic signing and verification of container images, ensuring software authenticity and integrity.
- Infrastructure Reuse: Developers can leverage existing cloud-managed Key Management Systems (KMS) and container registries, avoiding the need to introduce new security tooling.
- Simplified Compliance: Image verification becomes a natural part of the deployment pipeline, helping teams meet security and compliance requirements for safety- and mission-critical systems.
These capabilities reinforce VxWorks’ position as a secure, cloud-native RTOS for the intelligent edge.
Wind River’s continued investment in real-time containers has been recognized with the 2023 Container Support Platinum Innovation Award, underscoring the company’s leadership in bringing modern, secure, and standards-based container technology to safety- and mission-critical environments.