🕺🏻CNCF Ambassador 23•🐳 Docker Desktop v4.18•💃SLSA v1.0 RC2•📩 LiFT Scholarship Applications•🇹🇷KCD Turkey and Docker Istanbul Community Group• ✍️ Statement of Interest for Sigstore GSoD
🕺🏻I’m thrilled to announce that I'm selected to be part of the new @cncfambassadors #CloudNativeAmbassador program in 2023!
I can truly say that this one was more like a dream for me and I can’t believe that it finally came true, YES, I’ve been accepted to the CNCF’s Ambassador Program in 2023 and became the very first ambassador from 🇹🇷. I don’t know how to express my feelings right now but I can say that I’m so happy to be part of that program and all I want to say is that I’ll do my best to be worthy of it.
🐳 Docker Desktop v4.18 was released a while ago which is a release that focuses on improvements in the command line and in Docker Desktop.
In Docker Desktop 4.17, Docker Scout was first introduced, a tool that provides visibility into image vulnerabilities and recommendations for quick remediation. In v4.18, based on the community feedback, there are some improvements included in the Docker Scout:
Vulnerability Quickview
Image recommendations directly on the command line
Improved remediation guidance with BuildKit SBOM utilization
A preview feature comparing images (imagine using diff but for container images)
A new subcommand named `init` was introduced, a new CLI command that lets you quickly add Docker to your project by automatically creating the required assets: Dockerfiles, Compose files, and .dockerignore.
Here are the great resources from excellent people:
Introducing Docker Init: Generating Docker Assets for Your Projects by Ajeet Singh Raina
A YouTube video recorded by Francesco
Refer to the docker init
documentation to learn more.
💃SLSA v1.0 RC2 was announced last week which is your last chance to provide feedback before v1.0 will be released!
SLSA specification is a security framework, a checklist of standards and controls to prevent tampering, improve the integrity, and secure packages and infrastructure, and it gets evolved over the years finally, it will be reached its v1.0 release pretty soon. The SLSA Community announced SLSA v1.0 Release Candidate 2 (RC2) following the valuable feedback they received on the first release candidate.
At the same time, Michael Lieberman wrote a blog post about SLSA to help us understand SLSA a bit better: The Breadth and Depth of SLSA
🎊 Draft release support landed on SLSA GitHub Generator by me!
My first PR to SLSA GitHub Generator which is a language-agnostic SLSA provenance generation for GitHub Actions got merged last week which was related to adding draft-release support. While working on the osv-scanner project by Google, I realized that they mark their release as a draft for some reason. In that case, if we set the upload-assets parameter of the Generic SLSA 3 Generator as true, we will see two different releases with the same tag, one is marked as draft the other is marked as latest which indicates a problem that we need to solve.
So, I raised an issue to tell more about the problem I’m facing, and then I noticed that Ian Lewis already created an issue about this and they talked quite a bit about the problem, so, the only thing left is solving the issue. 🧑🏻💻
Finally, to complete the work, we need to test it by adding a test workflow to the example-package project, which is a project by the same community to test all the workflows provided by the SLSA Github Generator.
I’ve added a sample workflow to test the draft release support here.
🌟AS A BONUS, If you are willing to become a contributor to the SLSA Generators like Trusted Go, Generic, Container, and Docker-based generators, you should add your e2e tests to the example package, and thanks to Ian Lewis for a detailed explanation of these.
⏰Final chances to apply for Linux Foundation Training (LiFT) Scholarship Program, the deadline is 3️⃣0️⃣ April!
Are you looking for a chance to attend training courses and take certification exams at no cost? This program is right for you. Because this program provides opportunities to up-and-coming Developers and SysAdmins who show promise to help shape the future of Linux and open-source software but do not otherwise have the ability to attend training courses or take certification exams.
Here is the application form, do not forget to APPLY! ⌛️
🎫🤹♀️🇹🇷 Kubernetes Community Days Turkey tickets are now open for sale and I joined the Docker Istanbul Meetup Group as an organizer!
We’ll organize the very first KCD Turkey in Istanbul between May 10-12 and as we completed the final CFP review process, I can genuinely say that there were lots of amazing talks, now, this is a perfect time to open tickets for sale and I’m thrilled to announce that tickets are now open for sale 🥳
As you know, I recently shared that I was included in the Docker Captain program. 🥳 Now I am taking the first steps of this process by starting to work as an organizer in the Docker Istanbul Community Group🙋♂️
This means that I humbly invite all those who are curious about Docker and of course all container-specific technologies to join this group. 🫶 In a very short time, I am looking forward to greening these places and meeting you with beautiful physical activities 🤩
✍️ The Sigstore Technical Writer Statement of Interest form for participation in Google Season of Docs is now live, the deadline is 21 April, HURRY UP🚀
Google Season of Docs seeks to empower open-source organizations to understand their documentation needs, to create documentation to fill those needs, to measure the effect and impact of their documentation, and, in the spirit of open source, to share what they've learned to help guide other projects. Fortunately, the Sigstore team is part of that program. This is a perfect opportunity to make an improvement in the Sigsstore official documentation while learning lots of amazing stuff about supply chain security and the tools developed by the Sigstore team like Cosign, Rekor, and Fulcio, and hurry, time is ticking! ⌛️
Here is the application form, do not forget to APPLY!