CNCF Security Slam 2023

It started with this discussion, which piqued our interest, especially seeing which end users appeared to have submitted responses about our project. So we started working towards a 100% score on the CNCF Security Slam 2023 and were rewarded for our work with this patch:

CNCF Slam 2023 Award

🦄 Notable supply chain security changes we made during the CNCF Security Slam:

  • Release Helm charts in OCI format
  • Implement Docker image publication with ko.build
  • Signed releases and SBOMs
  • Provide attestations for published artifacts (SLSA Level 3)

Read how artifacts can be verified here: https://lnkd.in/eUJvR7YP

If you would like to use signed images with ko or publish Helm charts in OCI format, we have templates for that: https://lnkd.in/ePgMJhRN

In the end we were able to achieve a 100% score on the CNCF Security Slam 2023 and were awarded four badges (besides being the second project overall to achieve a 100% score in CLOMonitor):

Sadly none of the maintainers were able to attend KubeCon + CloudNativeCon NA 2023, but our good friend Fabio Pasetti was there and accepted the award on our behalf from Eddie Night:

CNCF Slam 2023 Receiver

We are looking forward to the next Security Slam and are working to improve our project's security continuously.

Last modified March 7, 2024: chore: preview adopters (76a2d60)