🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

Level Up Your Feature Releases! Move from using #EnvironmentVariables to #FeatureFlags to extract feature management logic from your app & alter it at runtime, enabling progressive rollouts, user-targeting, & rollbacks without a redeployment. youtu.be/5lyDkKJojHw

Are you a .NET (.NET) developer, new to #OpenSource & #OpenFeature, and looking for a #GoodFirstIssue to starting contributing? Help us out by adding a readme to our .NET SDK! :) github.com/open-feature/d…

ICYMI: The CNCF-hosted co-located events call for proposals at #KubeCon + #CloudNativeCon Europe is open! 🎉🎉🎉 Speak at ArgoCon, Istio Day, OpenTofu Day + more. Learn more + submit to speak in Paris, 19-22 March. Submissions are due 3 December: bit.ly/3tMQyrs.

CFP for #PlatformEngineeringDay closes December 3 at 11:59pm CET (5:59pm ET | 2:59pm PT). Share your lessons learned in building & managing internal platforms, measuring platform maturity & improving golden paths & developer experience! #PlatEngDay #KubeCon #KubeConEU

if you are looking to hire a software engineer that can: write good Go and goodish Rust work with k8s and containers learn tough concepts and codebases quickly; and has experience working in open source then i’d really appreciate it if you considered hiring me, thanks!

Don't wait until the last minute! Come share your cool #GitOps stories with us on April 15th 2024 in Seattle, WA!

hey people! I wrote a thing on progressive delivery and service meshes in k8s 🦄 Can I be unbiased as a Flux maintainer? I interviewed folks from Argo, Flagger, and Linkerd to find out 💖 Big thanks to them for taking the time! Tell me what y’all think? 🫶 buoyant.io/blog/flagger-v…

We'll be at Open Source Summit North America! #opensourcesoftware #SoftwareSupplyChain #CyberSecurity #OpenSourceSecurity #SecureCoding #Sigstore #OpenSource #DeveloperCommunity

GitOpsCon NA 2024 kicking off now in Seattle WA 🚀

Wish I could have made it to Seattle as planned. Thanks Christian Hernandez for filling in opening for me, with the fabulous Stacey Potter 💖🙌☺️ Admiring y'all from afar this time. See you all in #opengitops slack at slack.cncf.io for live updates and follow-ups 👀🙂🫶

If you're an #opensource owner/maintainer & your project has 20+ repos #MinderCloud (FREE FOREVER for public repos) can help automate away the drudgery of setting & continuously monitoring config for all of those repos! It can even auto-remediate when it detects repo config drift

#oss maintainers, if you're tired of trying to make sure every project repo has a security.md file, branch protections enabled, Dependabot configured, etc—Minder can help you automate this, and it's free for public repos. Here's how. stacklok.com/blog/tutorial-…

Pinning actions and container images to digests is a security best practice, but tedious to do. The new #oss Frizbee GitHub Action makes automating this process easier. stacklok.com/blog/new-frizb… #appsec #github

JULY 17: Join Stackers Juan Antonio Osorio & Jakub Hrozek for this CNCF Livestream to learn how you can automate pinning GitHub Actions & container images to their digests! Sign up here: community.cncf.io/events/details… Or tune in to youtube.com/@cncf or twitch.tv/cloudnativefdn/

Next Tuesday join me and Stacey Potter to kick off our new series of fun conversations about the software supply chain! For our first episode, we managed to convince Luke Hinds to be our test subject (sorry Luke!) Send your questions and don't forget to Bring Your Own Tacos!

Do you verify Dependabot CVE patching PRs? Today it is trying to fix a critical Docker CVE but it got the version wrong, instead of 26.1.4, should be 26.1.5 🙃 github.com/controlplaneio…

In this blog, Luke Hinds dives into CVE's - they are not devoid of merit, but they are excessively emphasized, leading to alert fatigue among developers and internal security teams. Instead, let's focus on more actionable indicators. stacklok.com/blog/cves-the-…

🎉🌮 Join puerco & Stacey Potter for a Securi-Taco Tuesdays livestream! 🌮🔐 🚀 Trust & Verify: How #CodeSigning & sigstore Secure the #SoftwareSupplyChain with guests Hayden & Bob Callaway 🗓️ Tue. August 27 @ 12pm PT (19:00 UTC) 📍 meetup.com/stacklok-user-…

On our last Securi-Taco Tuesday puerco welcomed Bob Callaway & Hayden from Google's Open Source Security Team (GOSST) on to chat about how code signing and sigstore secure the software supply chain. Read the recap & watch the replay here: stacklok.com/blog/securi-ta…

In 1 week: 🔒Securi-Taco Tuesdays 🌮 hosts puerco & Stacey Potter invite Santiago to for: "Understanding Software Trust: Let's Explore Secure Attestations & the in-toto Framework" 🗓️ Sep 17th (11am PT | 12pm CST | 2pm ET | 7pm BST) Sign up here: meetup.com/stacklok-user-…