Kubernetes Community Days Turkey🇹🇷•Falco SSSC WG🦅•Amazing BuildKit Release v0.11🐳•Measuring the SBOM Quality📈•Kubernetes-related Security Projects to Watch in 2023👀•GoReleaser meets ko🤝
🇹🇷 Kubernetes Community Days Turkey will be organized in Istanbul on 11-12-13 March!


🙉 The announcement above was one of the most unforgettable moments of my life
🎉 Yep, you heard right, we are organizing the Kubernetes Community Days in Turkey for the first time on 11-12-13 March 2023 in Istanbul, and I’m so glad to be part of that event by being one of the organizers of it. I’m super excited to meet all of you in person.
🔥 An important update: the CFP is still open until Jan 31, so please hurry and send your CFPs to take your seat at the event as a speaker. 🔥
➡️ To send a CFP: https://kcd.smapply.io/prog/kcd_turkey_2023/
📰 My blog post about OCI Image Layout is in the news once again
I'm so grateful to the KubeWeekly community for supporting my articles by giving them a spot in their newsletter series. I wrote an article about OCI Image Layout on the Continuous Delivery Foundation website, which was featured in the #332 issue of the newsletter.🥳
➡️ https://email.linuxfoundation.org/kubeweekly-332
🐳 The Best Docker BuildKit & Buildx Release so far, in my opinion!
The Docker community is one of the communities that take software supply chain security risks seriously. Accordingly, they try to add features to products such as Docker Desktop, the Docker CLI, and BuildKit to mitigate the risk of software supply chain attacks, such as generating SBOMs, displaying vulnerability information, providing SLSA provenance based on build information, etc.
The BuildKit (v0.11) release came with amazing features such as SLSA Provenance, OCI Image Layout & annotations, #SBOM, and reproducible builds through the SOURCE_DATE_EPOCH build arg. All are explained very well in this blog post, thanks to Justin Chadwell.
➡️ Highlights from the BuildKit v0.11 Release
🎖 I’m one of the members of the Software Supply Chain Security SIG of the Continuous Delivery Foundation from now on!
All my dreams come true one by one🙈 I'm so glad to announce that I'm one of the members of the Software Supply Chain Security SIG of the Continuous Delivery Foundation from now on🎉
On the other hand, I’m aware of the importance of this role, so I will try to be as active as possible in the community to be worthy of this role!
By the way, I'm not ashamed to say that I'm not an expert on SSCS, but it doesn't mean I can't help🤞
➡️ https://github.com/cdfoundation/sig-software-supply-chain/pull/29
😰 "Barely 1% of all SBOMs being generated today meets the “minimum elements” defined by the U.S. government."
The quote in the header of this section is from the blog post by Ryan Naraine published on the SecurityWeekly website, and this is quite a big problem that we all need to be worried about. Thanks to the folx at Chainguard, who organized an event to raise awareness about the quality of the SBOMs we generate or even already use. A great talk about measuring #SBOM quality was recorded in Chainguard’s Software Supply Chain Security Leadership Series by the amazing folx Justin Abrahams, John Speed Meyers, and Tracy Miranda.
➡️ To watch the recording on demand: Software Supply Chain Security Leadership Series: Measuring SBOM Quality
➡️ To read the blog post: Are SBOMs Any Good? Preliminary Measurement of the Quality of Open Source Project SBOMs
🦅 Falco Software Security Supply Chain Working Group
I’m so glad to see that the Falco community created a Software Supply Chain Working Group to work on mitigating the risk of software supply chain attacks by providing assurance on the artifacts they produce and making them more transparent to consumers, so that consumers stay aware of the risks associated with those artifacts. Thanks to Luca Guerra for creating this working group, and I’m also super excited about being part of that WG 🎊
Here are the details of the WG:
Slack channel: https://cloud-native.slack.com/messages/falco-sscs-wg
Join the call: https://zoom.us/my/cncffalcoproject
👀 SPIFFE, Sigstore, and Kyverno are the projects that we should keep our eye on in 2023!
A blog post was published a while ago by Kirsten Newcomer on DarkReading based on predictions about Kubernetes-related security projects to watch in 2023. I'm so glad to see all the projects I got involved in are on the list: SPIFFE, Sigstore, and Kyverno. 🥳
➡️ Kubernetes-Related Security Projects to Watch in 2023
📢 GoReleaser enthusiastically supports the ko project in 1.15!


If someone asked me, "If you were alone on the island of software, which projects would you take with you?", my answer would probably be GoReleaser, ko, and, of course, cosign. 🙈
Starting with GoReleaser 1.15, I’m happy to announce that you can build your container images with ko by setting its configuration options.
Big thanks to Carlos Becker and Jason Hall, who helped to make my dream come true🫶
➡️ Here is a quick guide that can help you to experiment with ko support: Docker Images with Ko