BuildSafe | Loft Labs | Kubestronaut | CNCF Tag sustainability Lead

So much to share on the stuff I have been working on

Well there are a lot of things that are going on currently and I will share them on my socials when the time is right.

Lets start with BuildSafe

BuildSafe is a new open source project that my friends and I released a few days back. It focuses on solving the supply chain security issues, Everyone knows that the supply chain issue exists and people have over the years invented some great tools for solving this. But still we are not building 0 CVE apps, I love what chainguard has been doing in this space and also created a video on how they have built chainguard images for people to build 0CVE apps.

We, while BuildSafe took a different route of nix due to the number of packages it has and the rich information we could get for generating high-quality SBOMs. So with BuildSafe, you can build your projects without using Dockerfiles and any package (for example, curl) you need; you can simplify doing the search and then see the version + CVE attached so that you can choose the right package version without CVE and build your app without CVE.

BuildSafe also excels in its ability to generate high-quality metadata. This is compatible with SPDX and CycloneDX. It can be easily read and scanned via tools like trivy, further enhancing the security and quality of your projects.

So, in short, making the package search easy with CVE information and SBOM are key features; using nix without knowing about flake files is something BuildSafe helps with.

Do read out the launch blog along with the videos.

You can try out BuildSafe in the playground I created.

Principal Developer Advocate, Loft Labs

I am thrilled to have joined Loft Labs as a Principal Developer Advocate. My focus is on crafting a robust strategy for Loft, encompassing content, events, and research. As you all know that I love exploring new technologies, I will continue creating new POCs either within Loft or how we as a team can add them to products. It's interesting that I will be working with Lukas(Loft CEO), with whom I did a stream on vcluster 3 years back on Kubesimplify!

Loft has awesome open source projects like vCluster, DevPod, and jsPolicy, and they started devspace also, which is a CNCF sandbox project now. All are awesome, but vCluster is one of the key projects I am very excited about, as it fits all the checkboxes for multi-tenancy, platform engineering, cost savings, etc.

I created a new playground for you to get started with vCluster

I am excited about the next set of challenges, so wanted to share this with you all as well.

CNCF TAG Sustainability Lead

I have recently become CNCF TAG sustainability TAG Lead. Huge thanks to the current TAG leads, Co-chairs, and the CNCF TOC for making this happen. This only accelerates my efforts to create a bigger impact and participate in more initiatives under the sustainability umbrella. There are some amazing sub-projects that are going on within the TAG and I have started participating more in those to make sure we reach the goals of the projects.

My involvement in TAG sustainability, which began with Leo, has been a continuous and rewarding journey. I am committed to maintaining this momentum and contributing to the TAG's ongoing initiatives.

One of the things that I have already started is TAG sustainability APAC meetings.

So join slack and be part of the awesome projects, also you can use existing tools available to create an impact right NOW!

Kubestronaut

Kubestronaut is a title recognition given to individuals who have cleared CKA, CKAD, CKS, KCNA, and KCSA certifications. This was launched at KubeCon EU, and I have been part of CNCF certs for a long time now. I have written two books as well → CKA and CKS. I had all my certs expired and I got the coupon for CNCF certs as part of my CNCF AMbassador program, thanks to Katie.

I completed all these certs in a week, and it was fun. I am a Kubestronaut and also planning to create a course on it on Udemy, which is a huge task, so it's just a plan :D

But do comment or email if you want the course from me :)

Well, apart from this, I completed Kubernetes Hindi Bootcamp, which is more than 14+ hours of content with hands-on that gives you deep knowledge of Kubernetes concepts → LINK TO PLAYLIST

We also celebrated Kuberente's 10th birthday during the CNCF Chandigarh Kubernetes meetup, which went well. My next stop is KCD Hyderabad, where I will give a keynote on supply chain security in 2024.

Sponsored Content

Without the sponsors I won’t be able to give you an authentic newsletter with all the cool stuff, so please do check them out

• Cast AI - How Automation Reduces Large Language Model Costs 

• Sysdig - Securing AI in the Cloud: AI Workload Security for AWS

Awesome Reads

• Kubernetes: The Road to 1.0 - Brian Grant shared the journey to Kubernetes 1.0 during k8s 10th birthday celebration, highlighting the extensive process of building it from lessons learned with Borg and Omega at Google. Despite time constraints during his talk, Grant detailed the project's evolution, significant design decisions, and the collaborative efforts that led to Kubernetes becoming a production-grade container orchestration system.

• Nix as a WebAssembly build tool - It discusses the benefits of using WebAssembly for its portability and operational simplicity, using for Nix as a tool to streamline the complex Wasm build process. It shows, how Nix can deterministically build and package Wasm applications, highlighting its advantages over traditional dependency management methods.

• An Introduction to Observability for LLM-based applications using OpenTelemetry - explains the importance of observability for Large Language Model (LLM) applications using OpenTelemetry, highlighting the need to monitor metrics like request volume, latency, cost, and response details to ensure optimal performance and cost efficiency. Includes an example for using Prometheus, Jaeger, and Grafana to visualize metrics and traces generated by the OpenLIT auto-instrumentation library, enabling effective monitoring of LLM applications.

• Understanding GitHub Artifact Attestations - GitHub's new beta feature, Artifact Attestations, which enhances the security of open-source software supply chains by linking artifacts to their source code repositories and GitHub Actions. While the feature currently achieves SLSA Build Level 2, improvements and the use of reusable workflows could help achieve SLSA Build Level 3 for better security.

• The History and Evolution of WebAssembly in Kubernetes - My friend Matt Butcher discusses the evolution of WebAssembly (Wasm) and Kubernetes, highlighting their synergy in creating efficient, high-performing cloud environments. He explains how Wasm's security, multi-platform support, and performance benefits make it ideal for server-side applications in Kubernetes, culminating in the development of SpinKube, a toolkit for running Wasm applications in K8s clusters.

• Introducing Hydrophone - In the ever-changing landscape of Kubernetes, ensuring that clusters operate as intended is essential. This is where conformance testing becomes crucial, verifying that a Kubernetes cluster meets the required standards set by the community. Introducing Hydrophone, a lightweight runner designed to streamline Kubernetes tests using the official conformance images released by the Kubernetes release team.

• WebAssembly: A promising technology that is quietly being sabotaged - This highlights the promising potential of WebAssembly as a universal executable format that can run across various platforms, from web browsers to embedded devices and cloud servers. It also give a warning that the technology is being sabotaged by increasing complexity, particularly with the introduction of the WASI 0.2 Component Model, which strays from its original goal of cross-language compatibility, potentially making it impractical for widespread server-side adoption.

Awesome Repos/Resources

• Let’s Reproduce GPT-2 - Another Gem video by Andrej Karpathy that you cannot miss.

• image pull secrets provisioner - Image pull secrets provisioner is a Kubernetes controller that provisions image pull secrets for container image registries to any Kubernetes cluster.

• WARC-GPT: An Open-Source Tool for Exploring Web Archives Using AI

• USER-LLM: Efficient LLM contextualization with user embeddings

• sudo - sudo for windows

• Computer Networking Fundamentals For Developers, DevOps, and Platform Engineers

Learn from X Platform

• https://x.com/bindureddy/status/1801010849160818701

• https://x.com/karpathy/status/1800242310116262150

• https://x.com/ProfTomYeh/status/1798042265883156651

If you like the newsletter, subscribe and share in your network.

Comments

[Saloni Narang]

Many congratulations for the awesome tool Buildsafe and on the new job.