Continuous Delivery Foundation / cdCon 2022

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

How Shifting Left is Helping CapitalOne in its CICD Process - Gokul Prabagaren & Nagesh Kumar Vinnakota, CapitalOne

CapitalOne is first U.S Bank to exit out of legacy on-premise datacentres and go all in cloud. On this journey we have completely re-innovated our software delivery and automated all our software delivery process. There are various key milestones to our CICD journey. This talk will focus on how adopting shifting left is helping us in our Software Delivery Lifecycle and Security

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Keynote: Securing JavaScript - Myles Borins, Product Manager, GitHub

Speakers: Myles Borins
The npm registry is the heart of the JavaScript ecosystem. Hear about the steps we've taken at GitHub to secure this important part of the software supply chain from enforcing software solutions such as automated malware scanning to policy such as enforcing two-factor authentication for high-impact packages. This talk will cover what we've shipped to respond to an increase in threats to our ecosystem and what we are working on next.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

25 Years of (mistakes) Learning in CI/CD - Laurent Tardif, Zenika

From clearcase to modern deployment. In this talk Laurent will present a overview on how tools and practices evolve over the last 25 years. He will cover of we move from a monthly centralized team build to a distributed and continuous deployment model. How tests have impacted deployment model, how devops, docker, kube have influenced the evolution. How automation is critical today and why we continue to do the same error like depending of dynamics external dependencies in 'secure' projects.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Abusing CI/CD - Top Ways to Reach Production - Omer Gil, Cider Security

CI/CD pipelines are becoming one of the most exploited paths into internal and production systems by attackers, as there are a growing number of vectors that can be manipulated to gain access that are often times still left completely exposed, despite being well-known. From unexpected webhooks requests, to bypassing branch protection rules, through more complex attack scenarios like Poisoned Pipeline Execution - attackers have found that CI/CD is a quick way to invoke malicious attacks on production code. This talk will walk you through common attack vectors in CI/CD pipelines - ones you’re probably aware of, and ones that require more attention and research, and some of the ways you can harden your systems to prevent unwanted access to your sensitive internal data. Real-world attack scenarios will be showcased as part of the session.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Automating Industry Regulation (SoX, SoC 2) Enforcement During Software Delivery - Balaji Sivasubramanian & Gopinath Rebala, OpsMx

The development teams in Enterprises are increasingly deploying to environments that need to adhere to various industry regulations like SoX, SoC 2, FedRamp, etc. With the increased frequency of deployments and the need to audit the deployments, it is becoming imperative that these control and enforcement are automated as part of the CI/CD process. In this talk, we will show how to integrate OPA policy integration with CI/CD tools and share sample policies for enforcing compliance rules based on real-world regulatory requirements. Also, we will demo the integration including an audit of the policy enforcement.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Building DevOps Metrics for your Choice of CD Tools Through CDEvents - Andrea Frittoli, IBM & Erik Sternerson, doWhile

Continuous Delivery is all about getting your software released, and as software and system complexity continues to increase, so does the need to have many different tools, services and even people involved in building, verifying, deploying and monitoring your software. DevOps metrics help organisations measure their success with continuous delivery however, the plethora of different tools in use make it challenging to collect the data first and to extract coherent metrics from it. In this talk the speakers will introduce the CDEvents project and specification, which establishes a shared terminology and set of CI/CD-related events built on CloudEvents. They will demonstrate how CDEvents helped them gather consistent data from different CD tools, which can be used to calculate DevOps metrics.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Canonical GitOps - David Flanagan, Pulumi
JW Grand Ballroom 4

Speakers: David Flanagan
Templating. Helm. Overlays. Bases. Directories. Branching. There's many ways to make your GitOps pipeline work across multiple environments, but they're all prone to complexity, environmental coupling, strange Git strategies, and at the end of the day all boil down to the same thing: Just-in-time rendering of YAML. What if we could actually define our application deployment once, without all the noise? In this session, David will introduce you to the concept of Canonical GitOps. A process that acknowledges the Law of Demeter, using environmental inference, and enabling branch based promotion of your application workflows. Let's take a look.,

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Cloud Security in Continuous Delivery - Chen Goldberg, CloudWize

One of the biggest challenges is making sure the continuous integration processes in the cloud are made easy to use and straightforward to all stakeholders involved and in charge of the security. In this session, we’ll explore continuous delivery and security in the cloud, the different stakeholders as CloudOps, DevOps, SREs, Cloud architects, RNDs, and DevSecOps. Chen will also include examples of the challenges and repercussions. We’ll explore the following points: - Setting clear responsibilities between the stakeholders. - What you need to look for in a tool to simplify the process, help protect the cloud and keep up with continuous delivery. - Organized and centralized logs and threats management. Numerous options to handle them. - How to use an autonomous risk management system.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

CD Foundation Best Practices SIG - Tara Hernandez, Google & Terry Cox, Bootstrap
Virtual Track

Speakers: Tara Hernandez, Terry Cox
The CD Foundation Best Practices SIG will host a round table discussion and workshop opportunity for community members to discuss the current descriptions, compare their organization's CI/CD pipeline against the documented best practices, and potentially contribute an overview of their solution as an example use-case to be published as a community doc contribution.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Continuous Delivery and InnerSource - Why you Should be Doing Both - Tom Sadler & Steph Egan, BBC
Virtual Track

Speakers: Steph Egan, Tom Sadler
Continuous Delivery and InnerSource are two software engineering practices that aim to increase quality and break down organisational barriers. It may come as no surprise, then, that these practices can really compliment each other. Continuous Delivery makes InnerSource contributions seamless, and gives contributors confidence in the stability of the project. Continuous Delivery tooling is often a good candidate for InnerSource because it solves common problems, and allows consumers to contribute features they require for their specific use cases. This case study of BBC iPlayer & Sounds looks at how InnerSource projects are Continuously Delivered, how Continuous Delivery tooling is opened up to collaboration via InnerSource, and what impact this has.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Continuous Integration and Continuous Delivery Pipelines for Beginners and Managers - Ann Marie Fred, Red Hat
Virtual Track

Speakers: Ann Marie Fred
If you keep hearing about Continuous Integration or Continuous Delivery, but you don’t know what these CI/CD Pipelines really do, this is the talk for you. We’ll run through a series of tasks or steps that are commonly handled by CI/CD pipelines. For each, we’ll see what the task does, why it’s important, what inputs and outputs are involved, and what side effects to expect. If you already use CI/CD, this talk could inspire you to do more, especially in the realm of DevSecOps and compliance automation. Build your CI/CD foundational knowledge based on shared vocabulary from the CD Foundation Interoperability SIG! #SBOM

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Continuous Software Delivery using Jenkins, Spinnaker and Terraform Cloud on Amazon EKS - Irshad A Buchh & Paul Roberts, Amazon Web Services

Customers running microservices-based applications on Amazon Elastic Kubernetes Service (Amazon EKS) are looking for guidance on architecting complete end-to-end CI and CD pipelines using Jenkins and Spinnaker. Jenkins is a very popular CI server with great community support and many plugins (Slack, GitHub, Docker, Build Pipeline) available. Spinnaker provides automated release, built-in deployment, and supports blue/green deployment out of the box. This talk will explore configuration of Jenkins on Amazon EC2 using Terraform Cloud. Irshad shall also discuss the creation of Spinnaker pipelines, a combination of stages that enable powerful coordination for Continuous Software Delivery. These pipelines can be started manually or can be automatically triggered by an event, such as a new Docker image appearing in the Docker registry.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Creating Inclusive Environments Workshop - Gin Pham, Transgender Education Network of Texas

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

DX Design: Diversity Experience as an Accelerator - Ann Marie Fred, Red Hat; Marky Jackson, Equinix; Hope Lynch, CloudBees; Zainab Daodu, She Code Africa & Moderated by Brian Dawson, Ortelius,
Virtual Track

Speakers: Zainab Daodu, Marky Jackson, Hope Lynch, Ann Marie Fred, Brian Dawson
As a moderator of this diverse and accomplished panel, Brian Dawson will lead a discussion on real world experience and practices in achieving community growth and team performance though based on diversity and inclusion and in the presence of common challenges and impediments. Attendees will gain honest insights on D&I, and practical examples which they can apply within their communities and organizations.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Demo Theater: Practical Path to Infrastructure as Code at Scale - Sean O'Dell, Spacelift

Infrastructure as Code (IaC) has become fundamental to managing any cloud, infrastructure, or service for many individuals, teams, and organizations. With the expansion of Multi-Cloud and distributed teams, IaC tooling has struggled to maintain the agility and value that it originally set out to solve. Infrastructure management can and should follow basic DevOps principles and practices, but many organizations are beginning to see a gap or change in awareness, collaboration, and teamwork.
This session will focus on solving a few of the challenges that teams face when managing their infrastructure as code at scale!

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Dependency Management: Where the Fork are We? - Olivier Vernin, Suse
JW Grand Ballroom 2

Speakers: Olivier Vernin
Today’s software development relies more than ever on (third) dependencies. Even though solutions exist to help maintain them, yet, we see many of them being outdated. Why do so many teams struggle with that practice?

Let’s see that together.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Deploy, Release, CI/CD, Oh My! DevOps for the Rest of Us - Jeremy Meiss, CircleCI

While it seems that every week new terms appear to describe DevOps tools, segments, ideas, practices, etc., are they really new? And with so many entering the DevOps community, plenty of these terms form a word salad that is tough to sort out. CI/CD, Progressive Delivery, AIOps, GitOps, TreeOps (not real, yet?) - are they all the same, or are they just reimagining last week’s buzz words? In this talk we will break down a few of these terms, what they mean, how they’re used, and why they may matter for you and your teams and set a baseline for interacting with the DevOps community.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

DevOps Intelligence: Scaling Governance, Compliance, and Security across an Enterprise of 15K Developers - Jamie Plower, Fidelity Investments

At Fidelity Investments, every application workload must meet a unique mix of security, regulatory, audit & governance requirements to protect millions of customers. Enabling a standard automated approach to securing the CI/CD pipeline & Devops toolchain, ensures that engineering teams adhere to policy while being continuously audit-ready & secure. Scaling DevSecOps across application teams, code bases & various workload architectures requires bigger-picture thinking, built in flexibility and a smart approach from the start. During this session, Jamie will share Fidelity's journey to support over 15,000 engineers around the globe with our modern delivery approach. Hear about our challenges & successes to enabling accelerated velocity and overcoming our scale, while providing integrated, real-time governance and operations capabilities across the application lifecycle

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

DevSecOps with Shipwright and Tekton - Adam Kaplan & Vincent Demeester, Red Hat

Speed and security are often seen as competing priorities in the application development process. Emerging features in Shipwright and Tekton help bridge this gap, allowing developers to quickly build applications and verify the security of their software supply chains. In this session, we will demonstrate how Tekton and Shipwright can be used throughout the entire application development lifecycle to code, test, verify, and deploy applications. At each step in a piece of code’s journey to production, we will highlight features that help organizations meet SLSA compliance requirements. These include container image signing with cosign, generation of software bills of materials (SBOMs), and provenance attestations with Tekton Chains. Following this session, attendees will be able to use Shipwright and Tekton to secure the software supply chain of their own applications.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Expanding Interoperability in the CD Ecosystem - Ishan Khare, Loft Labs & Mauricio Salatino, VMware
JW Grand Ballroom 3

Speakers: Mauricio Salatino, Ishan Khare
Building an inclusive ecosystem where you can connect different tools built using different technologies and languages is hard, as different tools tend to promote different protocols and similar but not the same architectural patterns. This presentation focuses on the CDEvents initiative led by the SIG-Events Working Group at the CD Foundation. During this presentation a new use case will be presented showing how tools like Knative, Tekton and Crossplane can work together by just relying on CDEvents, no custom libraries, no forced protocols, just a standard and reactive way to interconnect disparate systems that were created by different communities with different purposes. We have a demo in place that we're working on and would like to present it demonstrating the whole flow end-to-end.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Failure Is Not an Option It's a Fact - Ixchel Ruiz, JFrog
Virtual Track

Speakers: Ixchel Ruiz
Failure is an inevitable part of success. Failure in the context of innovation efforts has helped thousands of start-up companies to succeed but in the context of a known execution process, it can harm results or reputations or create undue risk. In software development we are situated at the cross road between innovation and known processes so how do we benefit from failure and achieve success?

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

How to Grow and Mentor an Open Source Community & Achieve Collaboration with Over 170 Listed Corporations - Trista Pan, SphereEx

Having gone from being a woman developer in the open source world to CTO, didn't simply mean a change in her title. This journey included growing an open source community from just a handful of contributors, to one of the leading communities in China and fastest growing Apache projects in the world. The secret? True openness and inclusiveness, the willingness to both mentor students by collaborating with initiatives such as Google Summer of Code, while fostering a technically sound community whose solution has been adopted by over 170 publicly listed corporations. Juan Pan will share her empowering journey and valuable experience of being the CTO at an open source commercial start-up, how women in tech can turn the challenges they face into opportunities, and best practices for open source project leadership. Tune in to get inspired to think big, leave your mark and pursue your dream.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

How we Build CI/CD Observability with OpenTelemetry - Michael Friedrich, GitLab

CI/CD Pipelines are blocked, resources are drained, and the cloud invoice for the deployment is going wild - where do you start analysing and troubleshooting? One look leads into the CI/CD pipeline: Next to the job runs, which preparation steps happen, how many context switches are encountered, and which step is actually causing the problems?

Logs and metrics help to see the bigger picture, collecting the job and pipeline execution times, or fetch times for resources. Traces with spans provide more context on executed jobs, enriched with troubleshooting metadata. It is not always DNS, sometimes it’s also the slow IO cache …

Join this talk to learn how we build CI/CD Observability with OpenTelemetry in GitLab. You can learn more about the architecture challenges, implementation approaches, and performance scaling requirements for SaaS platforms.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Increase Agility and Quality Using Trunk-Based Development in Continuous Delivery - Hope Lynch & Logan Donley, CloudBees
JW Grand Ballroom 2

Speakers: Hope Lynch, Logan Donley
Jump into this fast-moving and practical discussion to dig into how you and your peers can use a single mainline of source code to manage continuous delivery with greater agility and higher quality.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Jenkins 2022 and Beyond? - Oleg Nenashev, Dynatrace
Virtual Track

Speakers: Oleg Nenashev
Is the Butler Still Young? Maybe not but it is still one of the most popular automation tools. Jenkins in 2022 is not Jenkins in 2012. It keeps evolving to address demands from its users and contributors: pipeline as code, configuration as code, better support for cloud environments, UX, etc. We are looking forward to the next major iteration in Jenkins evolution. So what’s next for it? I will focus on the current challenges for Jenkins. What does need to change in the project and the community to keep it relevant? We will talk about revitalizing the community and attracting new company contributors, consolidating user experiences, and reusing experiences of BlueOcean and Jenkins X? We will also talk about interoperability with other projects, making Tekton a first class citizen Pipeline engine, and making Jenkins available everywhere regardless of CI/CD system you actually use.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Journey to Automated Releases - Kranthi Challa & Deepa Padmanabhan, Netflix

How do we go from dreading a release to embracing the sense of accomplishment that a release is meant to bring? The solution needs to provide high confidence to bring about a culture shift, where humans are no longer gatekeepers of the release process. Our methodology meets this high bar with ideas like - application partitioning for independent rollouts - build-confidence scores for sign-off - promotion checks that backtrack a releasable build and many more. In this talk, you will learn the Netflix UI team’s journey in building a “Release ROBOT” for continuously delivering a large monolithic codebase while seamlessly entertaining the world.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Keynote Session: Community Awards & Closing Remarks - Fatih Degirmenci, General Manager, Continuous Delivery Foundation

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Keynote: Bringing Greater Trust and Security by Design to the Open Source Ecosystem - Brian Behlendorf, General Manager, Open Source Security Foundation

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Keynote: Continuous Delivery 2.0 – Intelligent CD for the Complex Enterprise - Gopal Dommety, CEO, OpsMx

Increasingly complex teams, workflows, and security and compliance concerns are common hurdles for organizations trying to increase the velocity and accuracy of their multi-cloud software releases. Diverse toolchains and the need for high availability increase the demands. Leading organizations are implementing CD solutions that combine role-based access controls, central policy engines, and AI-based intelligence capabilities to rapidly scale their release volume while achieving new standards for release speed and accuracy. In this talk, Gopal Dommety, CEO of OpsMx will discuss the changes driving the way leading enterprises approach software delivery and the emerging solutions that are enabling massive improvements in Continuous Delivery.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Keynote: Cory Doctorow, Science Fiction Author, Activist, and Journalist

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Keynote: Embracing Open Source to Beat the Great Reshuffle - Joe Sepi, Program Director of Open Tech, IBM
JW Grand Ballroom 7 - 8

Speakers: Joe Sepi
Integrating open source at the core of your business makes good sense from a business perspective in a variety of ways. In this keynote, I will focus on the people part of the benefits, from talent to culture. Empowering employees to be authentically engaged in open source can provide access to an excellent hiring pipeline, help insulate companies against the “great reshuffling,” and bring you greater returns on your investment.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Keynote: Hacking the OSS Supply Chain - Melissa McKay, Developer Advocate, JFrog
JW Grand Ballroom 7 - 8

Speakers: Melissa McKay
Developers depend upon an ecosystem of open-source technologies that fuel innovation and decrease time to market. A typical business application is composed of 80% open source code, so what happens when the open source software supply chain gets hacked and thousands of enterprises are left exposed to potentially devastating security exploits. The SolarWinds hack is just the tip of the iceberg on a much larger security concern that spans the industry affecting all programming languages, platforms, and cloud services. In this keynote we will expose security holes and exploits in the open source ecosystem as well as propose a system for securing the software supply chain at a fundamental level.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Keynote: Hedy: Creating a Gradual Programming Language - Dr. Felienne Hermans, Leiden Institute of Advanced Computer Science

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Keynote: How to Win Friends and Reduce Tech Debt with Developer Experience - Amara Graham, Head of Developer Experience, Camunda

Developer Experience (DX) has become a bit of the hot newness in tech with companies scrambling to hire or rebrand existing teams to focus on DX. The truth is, most developer-friendly companies already have a fair amount of DX baked into their culture. Where both companies and projects fail is volunteer investment or maintenance in DX when it’s not considered part of the fully-supported product stack. This kind of behavior breeds unchecked tech debt. Let’s talk through some things you can recognize and some other things you can avoid to enable developers with or without an official developer experience (DX) program.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Keynote: LF Research: Developer-Centric Insights and Opportunities - Hilary Carter, VP Research, Linux Foundation

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Keynote: Moving from Awareness to Action: Creating Inclusive and Accessible Experiences - Reginé Gilbert, Industry Assistant Professor, NYU
JW Grand Ballroom 7 - 8

Speakers: Reginé Gilbert
We are responsible for creating worlds of experience’s and systems that impact millions of people – with lasting impacts.

In the world of technology, where accessibility is critical to one’s experience, what else can we do with design to broaden technology’s reach, and what design solutions can we build into our services and products to make them more inclusive? Finally, we will discuss moving from awareness to action to create a more inclusive world.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Keynote: Software Delivery and Developer Experience in the Age of Platform Engineering - KellyAnn Fitzpatrick, Senior Industry Analyst, RedMonk

As developer velocity and productivity become increasingly important priorities to the business side of software production, we have seen more organizations attempt to address the developer experience gap: the disjointed experience that results from overwhelming choice and fragmentation of the tools and processes used to build and release software. One ascendant solution: the emergence of teams dedicated to engineering internal platforms that integrate these tools and processes so that application developers can focus their creative efforts on writing code. This talk covers some of the trends we are seeing in platform engineering and considers the often complex delivery setups involved when we are talking about systems engineered to help developers build and release software--systems that have to consider developers as both consumers and producers.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Keynote: The Cost of Agility at Scale: It's All Fun and Games Until the Bill Comes - Tim Banks, Principal Cloud Economist, The Duckbill Group

Cloud-native technlogies have enabled engineering teams to develop and deploy at lightning speeds. But without careful consideration of the economic impact of their architectural decisions, at scale, these decisions can cause more financial problems than they need to. We will talk about some common practices and architectures that become economically inefficient at scale, some better alternatives, and how to determine when it's the right time to reexamine your architecture.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Keynote: The Four Keys: Measuring Software Delivery - Dave Stanke, Developer Advocate & Roger Martinez, Developer Advocate, Google

Through nearly a decade of research, the DevOps Research and Assessment (DORA) group has identified four key metrics that indicate the performance of a software development team. As leading indicators of the value that software teams provide to their organizations, these metrics can inform best practices and guide continuous improvement. This session describes an easy-to-adopt approach to instrumenting applications and services with DevOps telemetry. Dave Stanke and Roger Martinez will present the Four Keys project, an open source toolkit that automates these measurements and compiles them into an easy-to-use dashboard.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Keynote: The Future of Continuous Delivery - Sarah Novotny, Microsoft; Hong Wang, Akuity; Isaac Mosquera, AWS & Tim Jacomb, Kainos; Moderated by Fatih Degirmenci, Continuous Delivery Foundation

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Keynote: The Great Personal Re-Invention: How the Great Resignation Blended Professional and Personal Ambitions - Grace Francisco, Vice President of Developer Relations Strategy & Experience, Cisco

In 2021, more than 47 million Americans voluntarily quit their jobs in a mass exodus from the workplace commonly called “The Great Resignation.” The effect of this professional migration is something we see and feel every day, from labor shortages to delays in the supply chain. Yet, it has also the been the cause for unprecedented innovation and creation – nearly 5 million new businesses were launched in 2021, a jump of 55 percent over the same period in 2019.

The disruption of the Great Resignation has created an opportunity for personal re-invention – where individuals are transitioning from developer to founder, blending professional and personal ambitions into a holistic view of what they want from their work life. In fact, half of the Americans that quit their jobs in 2021 made a career shift, not a career stop.

In this session from Grace Francisco, VP of Cisco Developer Relations Strategy & Experience, we’ll cover how developers and software are a bridge for a workforce that is re-inventing – looking for more than new jobs, but a new model of work. In addition, Grace will share insights gained from her two decades of experience in software, skill transformation, and personal career re-invention. Learn what lessons we can take from the Great Resignation; what opportunities for personal and professional re-invention are now present; and how adopting the agile mindset of developers can change the way we can all work, live, invent, and create.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Keynote: Welcome Back- Sara Chipps, Engineering Manager, LinkedIn & Jeremy Meiss, Director, DevRel & Community, CircleCI

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Keynote: Why Monorepos - Jeff Cross, Co-Founder & Principal Architect, Nrwl
JW Grand Ballroom 7 - 8

Speakers: Jeff Cross
Monorepos have been getting a lot of attention recently in the JavaScript community. Is it just hype, or can monorepos fundamentally change how a software organization works? In this talk, Jeff will explore the tooling, nuance, and tradeoffs of monorepos vs other approaches, using resources from the informational site https://monorepo.tools.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Keynote: You're Good at CI, You're Good at CD, But Where's the Work Taking You? - Michael Stahnke, Vice President of Platform, CircleCI

We'll cover the complexity of change approaching modern application delivery and why the changes you intentionally make, and the ones that happen to you, require us to deeply understand desired behavior and reactions to the true initiator of all technology work -- change.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Leading DevOps Transformation with Gamification - Ravi Devineni, Northwestern Mutual
JW Grand Ballroom 4

Speakers: Ravi Devineni
With many organizations making a pivot to DevOps mindset, it is imperative that we measure progress on that journey. At Northwestern Mutual, we wanted to chart our journey and demonstrate our progress throughout. As a part of that we developed a gamification process which leverages data from various Devops tools in the tool chain and aggregates it into dashboards to provide visibility on current state and trending over time. In this session, I’ll show you what types of metrics we captured and how this process can drive improvements at your organization.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Lessons Learned Evolving K8s Extensions: The Future Of Tekton Pipelines - Lee Bernick, Google

When extending Kubernetes, how do you map extensions to Kubernetes resources? You may have heard of Tekton, a cloud native CI/CD framework built with Kubernetes CRDs. Today, the specification of a Tekton resource is tightly coupled to its execution in Kubernetes. A Step is run in a Container, a Task is run in a Pod, and a Pipeline is run in a set of Pods. This coupling introduces challenges including optimizing resources, moving data through Pipelines, and distributing workloads. Users need more flexibility.
In this talk, you’ll hear lessons learned from decoupling Tekton resources from their execution in Kubernetes. In particular, Tekton is experimenting with allowing entire Pipelines to be executed in a Pod. We’ll demonstrate how executing a Pipeline in a Pod can improve execution times and the user experience of passing data through a Pipeline. You’ll also hear about challenges we’ve encountered along the way, and gain clarity on the future of Tekton Pipelines.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Lightning Talk: Automated Testing Done Right - Aditya Bansal, Cortex
Virtual Track

Speakers: Aditya Bansal
As software engineering tools and languages continue to evolve, it has become easier than ever to write software that touches billions of users. With the advent of cloud providers like AWS, GCP, Azure, and several more, the continuous delivery of software is a very reachable milestone, for companies of all sizes. But what about quality? How do we ensure that every commit we send to production is not going to fail? In this talk, Aditya will review lessons that he has learned from working on testing & CI/CD infrastructures at three different startups as an early engineer. He will also cover how not to make the same mistakes he did.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Lightning Talk: Continuous Delivery…except for Database Changes - Robert Reeves, Liquibase
JW Grand Ballroom 4

Speakers: Robert Reeves
Too often, when we speak of continuous delivery, we omit database changes. Those are handled by another team, another process. As we continue accelerating application releases, the pain of database change delivery becomes more acute. Robert will discuss how we got into this mess and how we should embrace our database friends to bring them to the DevOps party.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Lightning Talk: Safe to Fail Continuous Delivery Culture - Sylvia Lobo, Digital14
Virtual Track

Speakers: Sylvia Lobo
Building a new software product and deploying it in Cloud is a highly innovative and creative process. Things simply don't go to plan all the time, setbacks and failures are inevitable along the way. What makes a difference is how a team deals with them. Each failure is an opportunity to reassess, make a change and try a different approach. In order to succeed, testing teams must become resilient to failure. They must focus on the learning outcomes that they present.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Lightning Talk: Thinking out of the CI/CD Toolbox: An Experiment with a Workflow Engine - Nele Uhlemann, Camunda
JW Grand Ballroom 2

Speakers: Nele Uhlemann
Continuous Delivery defines activities in a workflow. Known tools like Jenkins support those workflows and make the DevOps life easier. A process engine can automate workflows too. Join me for my little experiment and find out what I learned when using a workflow engine to automate a CI/CD workflow.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Lightning Talk:Technical Documentation is like a Jigsaw Puzzle - Ember Stevens, LaunchDarkly
JW Grand Ballroom 2

Speakers: Ember Stevens
Assembling a jigsaw puzzle is a combination of science and art. There is a method to sorting the pieces, assembling the frame, and completing sections in a logical progression. Much like staring at a pile of 500 unsorted cardboard puzzle pieces, the blank page can be overwhelming when trying to write technical documentation. Where do you start? What should you focus on? What do your readers even need to know? Documenting your work is an essential part of the development lifecycle, but if you don’t write regularly as part of your job, it can feel daunting. Luckily, there are established methodologies you can lean on whether you’re trying to make sense of your puzzle pieces or write down how your code works. This talk will explore what Ember has learned from assembling countless jigsaw puzzles over the years and how it applies to writing technical documentation.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Making your CI/CD Pipelines Speaking in Tongues with OpenTelemetry - Ivan Fernandez Calvo & Victor Martinez, Elastic

Building and delivering software faster and better gained a different meaning with the introduction of pipeline-based technologies like Jenkins. Today, developers can automate the whole software development lifecycle by programmatically implementing build, testing, and deployment to achieve development agility. While this is great on the one hand, it poses an important question to be answered: what if the pipeline has a bug? For this reason, pipeline maintainers ought to have a strategy in place capable of verifying the pipeline code's accuracy, correctness, and reliability. Luckily for us, Jenkins allows this by providing a plugin compatible with OpenTelemetry — a technology that grants developers the ability to evaluate their code using an observability backend. This session will explain how this works and demonstrate how to get value from this.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Merge Strategies at Scale: Developer Happiness Through Better Code-submission Workflows - Ankit Jain, Aviator Technologies
JW Grand Ballroom 3

Speakers: Ankit Jain
Code-submission processes can highly impact developer productivity, especially as engineering teams scale and codebase complexity grows. Often, teams that work on a monorepo struggle with keeping their main branch stable, especially as the number of engineers merging changes (and consequently, the number of code-submissions per day) grows. This happens because incompatibilities emerge when multiple changes are combined, causing builds to break frequently. Poly-repo setups present their own challenges: synchronizing merges when changes span multiple repositories, rolling back related changes across repos, and testing across multiple build/test pipelines can become coordination time-sinks for developers. This talk will feature a distillation of various merge strategies that help teams scale, and their associated developer-productivity trade offs.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Microservice Supply Chain and the Ortelius Application SBOMs - Tracy Ragan, DeployHub

One of the new requirements under the Biden Administrations’ executive order on improving Cybersecurity is the requirement to provide purchasers a software bill of material (SBOM) for each software solution. But what is a software solution? Is it just a single microservice or is it a collection of microservices? In this presentation, you will learn how Ortelius aggregates an application-level SBOM by tracking the microservices, with versions, that it uses. This level of reporting is important to show what the ‘logical’ application is consuming, its vulnerabilities, and all transitive libraries and services it consumes. While this may be easy to create in a monolithic architecture, creating these higher-order SBOMs at the application level is difficult. The Ortelius catalog simplifies the process for every ‘logical’ application version released.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Modern Organizational Architecture, Are Microservices a Model for Diversity? - Brian Dawson, Ortelius, Ripple
Virtual Track

Speakers: Brian Dawson
DevOps and Continuous Delivery require thoughtful attention to the Trinity of People/Culture, Process/Practices, and Tools/Tech. Very often teams and organization lean into the hard science of Process/Practices or Tools/Tech while struggling with or even completely avoiding People/Culture. Yet as proven by many high performing teams, a healthy and effective approach People and Culture is key to your success. In this session we will use the concept of micro-services as an analogy for how we can frame and manage diversity as "micro-cultures" which can balance between flexibility, freedom and alignment on shared objectives. Similar to the promise of micro services as enabling resilient fault tolerant systems, we can achieve resilient fault tolerant software organizations.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Opentelemetry and Your Tests - Manuel de la Pena, Elastic
JW Grand Ballroom 3

Speakers: Manuel de la Peña
Test data is a gold mine that is rarely explored when discussing software quality and best development practices. Tens of thousands of tests might be executed in your CI pipelines everyday, generating a massive amount of data for you effortlessly. Right now, this data is lying around without producing you any value, but what if you could harness this data to accomplish something? If used correctly, you could be able to, for example, detect test flakiness, notify the right people on failures, and much more. All you have to do is capture this data and turn it into insight using an instrumentation layer. You can add this layer on top of the jUnit de-facto standard for test reports. By doing this, you'll be able to send traces and metrics to a backend using another standard, OpenTelemetry, and explore that information from there in whatever manner it is helpful for your interest.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Reducing Deployment Risks with Progressive Automated Canary and Spinnaker in a Regulated Environment - Carlos Martini, Vanguard

We've all been there: we've spend countless hours creating automated tests and manually testing new functionality to ensure our applications work well only to have production users use our system in unexpected ways and break the application. So how can we reduce risks even further when deploying to production? And how do we do this in a highly regulated environment? Progressive automated canary allows us to slowly and, more importantly, automatically ramp up production traffic to a new version. This talk will not only focus on how to setup progressive automated canary using Spinnaker, but on how to do it in a way where large and highly regulated companies can meet their regulatory requirements. We'll dive into using pipeline templates and different stage types to provide consistent deployments, meet custom regulation requirements, and integrate with change management systems.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Repurposed Purpose: Using git's DAG for Supply Chain Artifact Resolution - Ed Warnicke, Cisco

What if we could know the complete and reproducible artifact tree for every binary, shared object, container, etc (including all dependencies) and you could efficiently cross-reference that against a database of known vulnerabilities before you deploy? If you had had that information, could you have remediated Log4Shell faster? Might it even help open source maintainers identify at-risk dependencies sooner? In this talk, Aeva and Ed will share why they're so excited about GitBOM and explain what it is (hint: it's not git and it's not an SBOM). If the demo gods are willing, they will show you how you can generate a GitBOM with a simple command-line tool, and explain why you won't have to. Finally, if you want to add support for GitBOM to your favorite tool or language, this talk will give you enough information to get started.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Security as Code: A DevSecOps Approach - Joseph Katsioloudes, GitHub
Virtual Track

Speakers: Joseph Katsioloudes
Security as Code (SaC) is the methodology of codifying security tests, scans and policies. Security is implemented directly into the CI/CD pipeline to automatically and continuously detect security issues. Adopting SaC tightly couples application development with security and vulnerability management, while enabling developers to focus on functionality. More importantly, it improves the collaboration between Development and Security teams and helps nurture a culture of security across the organization. In this session, we will review lessons learned from DevOps to implement a successful DevSecOps culture, i.e how we can make developers contribute security checks with the SaC approach. We will introduce CodeQL, a language that allows security checks with code, and will demo how we can code queries for vulnerabilities so they can be identified as soon as they hit your CI/CD pipeline.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Demo Theater: Setup a Private, Secure, Cloud-native, Ultra-fast Repository in 60-Seconds with Cloudsmith - Adil Leghari, Cloudsmith
JW Grand Ballroom 4

Speakers: Adil Leghari
All your packages, in any format, in one location and accessible across the organization and Globe? Sound too good to be true?

Join Cloudsmith’s Solution Architect Manager, Adil Leghari in the demo theatre as he sets up a private, secure, cloud-native, ultra-fast repository with Cloudsmith. See how you can easily integrate Cloudsmith into your current setup to start handling packages and dependencies the right way.

Cloudsmith is a single, cloud-native, private repository for all your packages. With Cloudsmith, packages are automatically available globally in 225+ points of presence. Imagine your distributed team, working across multiple languages and formats, can now access every software asset across your organization consistently and reliably.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Shipwright - What Happened in our First Year as a CDF Project - Sascha Schwarze & Enrique Encalada, IBM
JW Grand Ballroom 4

Speakers: Enrique Encalada, Sascha Schwarze
Shipwright (https://shipwright.io) is a framework for declaring and executing container image builds in a Kubernetes cluster. It provides a pluggable architecture where common tools such as BuildKit, Buildah, or Buildpacks can be used in build strategies; and users define their build configurations based on them. In this talk we will give a quick introduction into the project. We'll describe how easy the installation has become with Shipwright being installable through OperatorHub. We'll see live how our new command-line interface makes it more convenient to get the first build going, and how it enables you to build from code that is on your local machine. Finally, we'll take a tour through a variety of new features in the backend that empower you to build more and secure images. Finally, we'll give an outlook on what's coming next.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

The Battle of Policies: OPA’s Rego vs. JSON Schema - Shimon Tolts, Datree
Virtual Track

Speakers: Shimon Tolts
On the one hand, it’s well known that OPA's Rego is very popular and easy to get started with, but hard to master. On the other hand, JSON Schema is considered one of the fundamental libraries for validating manifests… but which one is THE ONE for you? In this talk, we'll battle it out head to head with the two ultimate libraries OPA's Rego and JSON Schema. We'll test both of the solutions by validating Kubernetes manifests against real-life use cases and review their pros and cons. We’ll explore how we can integrate each one of them into the CI/CD pipeline, and learn how they work under the hood. Finally, we’ll make the case for which one to use in which scenario. May the best config language win!

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

The State of Art in Tackling Flaky Tests - Kohsuke Kawaguchi, Launchable, Inc.

Flakiness is a part of the reality for software engineers everywhere, it refuses to go away. This is happening in your team whether or not you know it, it caused frustrations, failed pull requests, added more stress to a hotfix delivery. Come listen to Kohsuke Kawaguchi, the creator of Jenkins to learn how software teams around the world has tackled this problem, from “idol” companies like Google & GitHub, to the “next door neighbor” company just like yours, so that you can tackle this in your team, and see how this is a part of a bigger emerging movement.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

The State of Continuous Delivery: The Evolution of Software Delivery Performance - Kara de la Marck, CDF

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Toolchains Are Only As Strong As Their Weakest Link: A Discussion On Interoperability Across CI/CD Solutions - Melissa McKay, JFrog; Andrea Frittoli, IBM; Fatih Degirmenci, Continuous Delivery Foundation; Mauricio Salatino, VMware; Justin Abrahms, eBay
JW Grand Ballroom 3

Speakers: Mauricio Salatino, Andrea Frittoli, Fatih Degirmenci, Justin Abrahms, Melissa McKay
The development of a CI/CD pipeline often involves cobbling together a number of different tools and technologies. The software development and delivery pipeline from beginning to end is a vast space and one of the benefits of open source technologies is the variety of tools to choose from, each born from a need expressed by the community, and each with their own strengths and capabilities. Although excellent tools have been developed by the community and adopted at large by various organizations, connecting these tools together in a robust and reliable way is a challenge. Join this discussion of the various issues that can arise when composing a full CI/CD pipeline and how these might be addressed. Learn about the CDF Interoperability Special Interest Working Group and its vision to offer clarity and pursue solutions to the CI/CD implementation challenges organizations must overcome.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Trust but Verify - Olivier Vernin, Suse

Kubernetes revolutionized CI infrastructure. It’s easier than ever to replicate production environments for testing purposes, deploying preview environments, relying on auto-scaling to optimize costs, etc. Kubernetes hides complex automation concepts behind APIs so developers don’t require extensive infrastructure knowledge. But as great as all of this is, it didn’t get rid of human errors. It’s easier than ever to expose your CI in the wrong location or let someone in by using the wrong corrupted container image. Let’s discuss which projects we could benefit from to let developers do what they do best, build software.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Trusting Mission Critical Infrastructure: Building Reliable CD Platforms is About More than Building Features - Fernando Freire, Armory & Isaac Mosquera, AWS

Critical infrastructure products like Spinnaker form the basis of many technology strategies, increasing the velocity of innovation while reducing the risk of outages. Failure of these systems erodes trust, limiting a team’s ability to delegate responsibility. When deploys fail due to operational constraints or bugs in the platform, it becomes difficult for teams to reliably deploy, encouraging alternative solutions that detract from delivering business value. Much like software infrastructure, failure in more traditional domains is no less worrisome. For example, without trust in a system of laws, it’s difficult to facilitate basic interactions between parties. In this session, we’ll explore the relationship between critical infrastructure across domains and propose a set of strategies for building resilient CD platforms that prioritize trust over building features.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

Welcome & Opening Remarks - Fatih Degirmenci, General Manager, Continuous Delivery Foundation

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

What a Life! - Understanding the Lifecycle of a Tekton Pipeline - Vibhav Bobade, Lifesaver Inc & Billy Lynch, Google

Tekton leverages Kubernetes to execute user CI/CD workloads -- but how does this work? In this talk, we will dive into how Tekton processes Tasks -- how they are transformed into running Pods, how steps coordinate with each other, what security considerations Tekton puts in place, and how other Tekton tools hook into this lifecycle for debuggability and software supply chain security. Come get a better understanding of how Tekton Pipelines work today, and get a peek at what problems we want to tackle next to further secure user workloads.

For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/

What is the Unit of Work in Modern Delivery? - Michael Stahnke, CircleCI
JW Grand Ballroom 3

Speakers: Michael Stahnke
Today, software delivery is harder than ever. Developers are delivering on top of a mountain of dependencies that they can’t always see. Single sources of change within the pipeline are complicated by an external ecosystem of changes that can be anything. Even the most experienced engineers cannot comprehend all of the components and moving parts that go into the products they build, yet they’re still expected to deliver software incredibly fast with no bugs. The last 10 years were all about code, but given the current complexities, focusing on your code is only half of the solution. The future of software delivery operates in an automated network, alive with dynamic, two-way intelligence. In this talk, Michael Stahnke, Vice President at CircleCI will help you prepare your teams for infinite change, and create a resilient network of software to withstand any amount of constant change.
Takeaways include:

Organic patterns to break that encourage incompleteness
How to identify + validate changes from an infinite amount of sources across the software ecosystem
Ways to empower developers and teams to act on these changes