Personal Updates, OpenSSF, Continuous Delivery Foundation SSC SIG, Wolfi OS, Docker Career Openings, idea about ko, SBOM and Rekor
Personal Updates
My Blog Post about Becoming the Next Best Sigstore Evangelist was Translated into Chinese and shared by OpenSSF China
I wrote an article about my journey of winning the “Best Sigstore Evangelist” to encourage people to become the next best Sigstore evangelist. It was published on the Sigstore blog recently. A while ago, Feynman Zhao, one of my friends, reached out to me via Twitter DM and said, “Your blog post has been translated into Chinese and retweeted by OpenSSF China,” and that was another OMG kind of moment in my life.


I applied for KubeCon+CloudNativeCon Europe 2023 Scholarship
A while ago, CNCF announced an important update about the scholarship for KubeCon + CloudNativeCon Europe. If you ask what the importance of these scholarships is, they give you a chance to attend KubeCon if you still need to attend one. So, please apply for these kinds of scholarships to keep your dream alive.
OCI Image Layout: No more Additional Network Requests
I wrote a blog post about the OCI Image Layout, impressed by the talk by Brandon Mitchell, and it was published on the Continuous Delivery Foundation blog a while ago. The CDF told me it got over 1K hits on LinkedIn, which is awesome, so I’m so grateful to them for helping me to create such an impact.
Sigstore December Roundup mentioned my blog post
Sigstore always publishes monthly roundups, which are one of the most critical ways of keeping yourself notified about the recent updates across the Sigstore community. In one of the roundups, specifically the December Roundup, they mentioned my blog post in the “New Content” section, thanks to Sigstore. But this is not the only section within the roundup; you will find lots of notable updates in different categories related to the community.
OpenSSF community shared two important reports
The OpenSSF community shared two important reports recently: “2022 In Year Review” and “2022 Annual Report”. These kinds of reports are essential for us to see all the efforts made so far from a single point. You should go and check out the highlights of the year 2022 on behalf of the OpenSSF community. Thanks to Chainguard, who wrote another blog post to summarize all these highlights from their point of view.


SPIFFE is using Chainguard’s wait-for-it image officially
The wait-for-it project is one of the most actively used projects in the SPIFFE ecosystem. One day, we found an issue created by Eli Nesterov complaining about the vulnerability count of the wait-for-it image built from here and used in the spire-tutorials project. At that time, we saw an opportunity to use the Apko + Melange tools to create a CVEless version of it and ship it with Chainguard images. Accordingly, we built a new version of the wait-for-it image, and it’s now available for everyone at the registry URL cgr.dev/chainguard/wait-for-it. The PR we created to promote using Chainguard’s version of the wait-for-it image is now merged, which means that SPIFFE is using this in official projects.


Another Career Opportunity by Docker You Don’t Wanna Miss
Nuno Coração, who is working for Docker as Product, shared a Tweet about Career Openings at Docker. If you are interested in joining Docker, please follow this tweet below.


A great idea about the ko project related to the SBOM and Rekor
Recently, Eric Smalling talked about the different ways of building OCI images without requiring any Dockerfiles or a running Docker daemon at one of the DevOpsDaysDFW events. In one of the sections of his presentation, he mentions the ko project, a very new CNCF sandbox project created by two amazing people, Jason Hall and Matt Moore, that simplifies building container images and does so securely. But there was a small mistake in Eric’s presentation about ko. He used the following picture and said, “ko signs the generated SBOM and uploads it to the Rekor”; this is not right at the moment I’m writing this. Still, on the other hand, this is a brilliant idea; at least, this is something we must discuss, so come and join the #ko-build channel on Kubernetes Slack to share your opinions about it.

Welcome to the newest Continuous Delivery Foundation’s SSC SIG co-chair
There has been an ongoing election for a new co-chair of the Continuous Delivery Foundation (CDF) Software Supply Chain SIG, which has finally ended. Congratulations to David Bendory; he has been elected as the new SIG co-chair.