►
From YouTube: SIG Events Meeting - Aug 1, 2022
Description
For more Continuous Delivery Foundation content, check out our blog: https://cd.foundation/blog/
A
A
A
A
C
That's
nice
to
meet
you!
Actually!
I
just
realized.
We
were
probably
been
talking
to
each
other
for
the
tecton
spire
stuff
right,
yeah
yeah,
it's
nice
to
meet
you!
Finally,
in
person
face
to
face.
C
I'm
in
the
near
the
east,
in
the
us,
okay,.
A
A
C
A
A
As
long
as
you're
using
the
cloud
event
format,
then
you
have
an
option
of
several
bindings
that
you
can
use
that
are
specified,
so
you
can
decide
to
transport
your
messages
over
http
or
over
kafka
or
nats
or
mqtt.
I
think
there
are
a
few
bindings
available.
A
A
Basically-
and
we
do
that
on
top
of
cloud
events,
because
if
they
make
sense
it's
it's
used
already
in
some
of
the
tooling
in
cicd
space
like
captain
tactone,
there
is
a
plugin
for
jenkins,
so
yeah
it
made
sense
to
use
that
envelope.
So
that's
the
the
difference.
C
C
For
example,
like
the
thing
I'm
trying
to
do
is
like
we're
trying
to
collect
runtime
visibility
logs,
basically
right
so,
for
example,
the
sys
calls
all
those
kind
of
things
that
are
happening
within
within
a
built
within
the
build
system
within
your
ci
cd
right.
So
having
having
that,
like,
let's
say,
tecton
like
having
tekton
be
able
to
trigger
be
like
hey,
I
want
to
start
collecting
logs
on
a
specific
task
run
or
a
pipeline
run
right,
collect
everything,
all
the
different
positions
spun
up.
C
A
A
Definitely,
and
because,
like
no
single
tool,
will
cover
your
entire
set
of
needs,
for
example
multiple
tools
and
you
don't
want
to
reinvent
every
functionality
in
every
single
tool.
I
mean
you
have
tools
that
are
specialized
to
some
things.
Well,
and
that's
that's
it.
You
can
use
demand
for
connecting
tools
that
way.
A
The
other
use
case.
I
guess
it's
similar
in
a
way,
but
it's
about
collecting
metrics,
so
develop
devops
metrics.
So
if
you
have
multiple
tools
that
you
use
and
you're
creating
changes
in
your
source
code,
you're
running
builds,
creating
artifacts
you're,
deploying
those
artifacts
you're,
recording
incidents
in
production,
those
kind
of
events
and
referring
to
the
dora
metrics
if
you're
familiar
with
those-
and
you
have
multiple
tools
generating
those
events.
A
A
A
All
right
yeah,
so
originally
the
plan
for
today
was
to
to
have
a
presentation
by
jamie,
but
he's
not
here,
so
I'm
I
think
we
will
postpone
to
next
time.
So
jamie
is
going
to
present
at
some
point
how
they
use
cloud
events
in
in
their
cicd
platform.
Basically
and
fidelity
is
interested
in
as
they're
heavily
relying
on
cloud
events,
they're
interested
in
city
events,
but
yeah,
I
won't
say
more.
I
think
they
I'll.
A
Let
jimmy
do
the
presentation
when,
when
he's
available
yeah,
so
that
was
the
main
thing
that
again
on
the
agenda.
But
since
I
see
a
lot
of
new
faces,
I
think
maybe
it
makes
sense
to
make
a
round
table
to
introduce
ourselves
right.
A
Well,
I
can
start
my
name
is
andrea
fitli,
I'm
a
developer
advocate
at
ibm
and
I'm
the
co-chair
of
the
sig
events
here
and
I'm
also
on
the
cdf
toc
and
recently
joined
the
the
board
as
a
maintenance,
representative
city,
airport
and
yeah.
I
care
a
lot
about
interoperability,
also
as
part
of
the
tlc
and
yeah.
So
that's
why
I
joined
the
interoperability
group
first
and
then
started
working
on
setting
some
common
format
for
for
events.
B
A
Csd,
so
that's
just
my
interest
here:
I'm
gonna
just
go
through
the
list
in
the
order.
I
see
it
a
part
you
want
to
go
next.
C
Sure,
yeah
hello,
my
name
is
parks,
so
usually
part
of
the
cnc
of
attack
security.
So
we're
we're
doing
a
lot
of
things.
There
also
part
of
a
new
startup
called
kusari
we're
also
we're
also
focusing
on
secure
supply
chain,
so
we're
kind
of
building
out
a
lot
of
things
and
tools,
and
you
know
the
cd
events
makes
a
lot
of
sense.
We're
trying
to
see
if
there
are
ways
that
we
can.
C
You
know
utilize
events
to
trigger
specific
things,
and
I
think
this
exactly
fits
the
use
case
so,
basically
in
in
the
cncf,
the
tech
security
stuff,
we've
been
working
on
the
reference
architecture,
so
we've
been
using
a
lot
of
tecton
tecton
pipelines
like
ton
chains
filling
in
the
gaps
that
we
see
in
terms
of
the
salsa
right,
so
we're
trying
to
achieve
salsa
with
a
lot
of
these
tools
that
are
out
there.
So
you
know,
especially
at
the
higher
levels,
trying
to
fill
in
the
gaps
where
it
needs
to
be.
C
C
A
C
B
B
Yeah
no
mike
is
also
fine,
so
yeah,
I'm
also
at
kasari.
You
know
startup
trying
to
do
you
know,
secure,
build
and
and
and
those
sorts
of
things
also
doing
a
lot
of
work
with
the
cncf
cncf
up
until
recently
was
the
co-chair
of
the
financial
services
user
group.
I'm
now
also
a
tech
lead
at
the
security
tag
and
doing
a
lot
of
stuff
on
on
that
front.
B
So
I
was
one
of
the
leads
on
the
cncf
secure
software
factory
reference
architecture,
which
fatigue
participated
a
little
bit
in
those
conversations
as
well,
and
so
also
the
lead
on
the
open,
ssf
fresca,
which
is
a
tool
that
we've
been
building
out,
that
utilizes
chains,
spire,
vault
and
a
bunch
of
other
tools
to
kind
of
build
the
more
holistic
package
of
a
secure,
build.
B
That's
under
the
open
ssf.
Also
you
know
doing
stuff
with
with
salsa
on
the
steering
committee
for
salsa
and-
and
so
a
lot
of,
I
have
a
lot
of
shared
interest
with
the
part
there.
But
I
think
a
lot
of
also
where
I'm
coming
from
is
trying
to
also
see
where
we
can
collaborate
as
a
community
to
make
sure
that
you
know,
as
a
lot
of
this
work
also
gets
done,
that
you
know
different
groups
can
go
in
and
leverage
some
of
this
work.
B
So
there's
obviously
a
lot
of
interesting
stuff
coming
out
of
the
open,
ssf
and
as
well
as
cncf
and
hey.
Can
we
start
to
build
more
cd?
Events
integrations
in
some
of
these
open,
ssf
and
cncf
tools,
so
that
we
can
then
leverage
it
more
that
that's
where
a
lot
of
where
I'm
coming
from
and
then
also,
obviously,
you
know
probably
interest
in
some
of
the
other
upcoming
meetings
throughout
the
the
seating
foundation.
A
Cool
thanks
mike
I'll
go.
D
D
I
am
tracy
reagan.
I
am
ceo
of
deploy
hub,
also
a
small
company
that
has
been
involved
in
the
cdf
since
its
inception.
I'm
also
on
the
board
of
the
open
ssf.
I
am
the
board
member
rep
and
I
am
on
the
cdf
toc
deploy
hub
is
a
central
hub
for
storing
what
I
like
to
call
devops
intelligence,
including
s-bomb
data.
D
We
have
an
open
source
project,
that's
part
of
the
cdf
called
ortilius,
and
I'm
happy
to
report
that
over
the
last
three
weeks,
artelia's
got
a
75
000
grant
from
ripple
xrpl
to
do
a
poc
for
creating
immutable
s
bombs
and
for
every
component
that
is
created.
So
we're
pretty
excited
about
that.
We'll
see
where
it
leads.
B
Yeah
sorry,
I
couldn't
find
my
mute
button.
I'm
tim
miller,
I
complete
the
trifecta
of
people
working
at
kusari
with
mike
and
parth,
so
I
won't
bore
you
too
much.
I'm
I'm
working
with
them
happy
to
be
here.
E
So
I'm
brett
smith,
I
have
recently
started
coming
to
cdf
meetings,
we're
looking
sas.
I
work
for
sas,
which
is
a
analytics
company.
E
If
you
swipe
your
credit
card
and
it
gets
denied
for
fraud,
it
was
probably
us
if
it
gets
frozen,
because
someone
spends
two
dollars
in
minneapolis
and
you're,
not
there.
It's
probably
us
so
we're
in
isv,
so
we
still
ship
software
to
customers.
E
So
I've
got
a
pipeline
that
builds
rpms,
debian
packages,
containers,
starballs
all
kinds
of
stuff,
and
we
recently
about
three
years
ago
we
decided
to
go
full
ci
cd,
so
we
built
up
an
event-driven
system.
E
My
events
are
cloud
event
spec,
and
so
I'm
pretty
excited
about
this
cdf
event.
Spec.
My
pipeline
is
also
asynchronous.
So
if
you
can
imagine
the
chaos
it
can
cause
by
just
going
and
doing
random
things
whenever
you
know
when
there's
an
event
triggers
a
bunch
of
stuff
and
I'm
pretty
proud
of
it.
E
Basically,
we
did
is
we
use
the
cloud
event
spec,
and
then
we
have
a
payload
which
is
a
cnab
spec,
because
I
wanted
to
be
able
to
replay
all
the
actions
that
the
event
represented
and
then
inside
of
the
cnab
there's
a
custom
section
where
we
put
our
sassy
sas
specific
data,
for
you
know
stuff
that
didn't
fit
into
the
cnab.
So
I'm
pretty
familiar
with
what
you
guys
are
up
to
got
this
audit
trail.
That
goes
with
the
events.
E
So,
in
order
to
create
an
event,
you
have
to
post
a
receipt
of
what
you
did
and
that
triggers
the
event.
And
then
we
have
all
these
little
go
microservices
waiting
for
the
event
to
hit
the
bus,
and
then
they
go
and
do
stuff
whether
it's
trigger
jenkins
jobs
or
update
databases,
or
you
know
whatever
they
do,
there's
a
lot
of
that
type
of
stuff.
So
I'm
excited
to
be
here
and
yeah.
That's
about
it.
E
Yeah
I
could
do.
I
could
probably
do
a
presentation
at
some
point
for
you.
I
wasn't
prepared
for
today,
because
you
guys
have
stuff
on
the
agenda,
but
all
I
gotta
do
is
go
talk
to
my
legal
team
and
make
sure
that
they're
cool
with
it.
A
Yeah
that
that
would
be
great.
Actually,
I
was
going
to
to
ask
yeah
so
yeah
that'd
be
brilliant
right,
so
that's
definitely
I
mean
it
sounds
like
a
really
good
fit
with
what
we're
doing,
and
probably
I
mean
you
have
a
few
years
more
experience
doing
it
than
now.
So
I'm
sure
there
are
a
lot
of
things
we
could
learn
from
from
your
presentation.
E
Yeah
and
then
I'm
very
interested
in
the
s-bombs,
because
currently
I'm
trying
to
implement
salsa
and
I'm
I
got
to
support
the
executive
order
of
the
united
states.
E
So
I've
got
a
bunch
of
work
going
on
around
s-bombs
and
storing
s-bombs
and
creating
s-bombs.
And
how
do
I
retrieve
s-bombs?
And
then
I
have
a
problem
of.
I
don't
work
for
a
software.
We
have
a
software-as-a-service
offering,
but
I
still
have
to
deliver
these
these
binaries
to
customers,
and
so
I
have
to
figure
out
how
to
you
know,
keep
the
s-bomb
closely
with
the
binary
so
that
I
can
have
it
when
it's
time
to
turn
it
in.
You
know
to
give
it
to
the
customer,
so
yeah.
A
A
A
A
Hi
guys
so
I'm
above
I
worked
at
a
company
called
uffizi.
We
do
test
reviews
and
I'm
open
source
integrations
engineer,
which
is
basically
open
source
sales,
if
you
think
about
it-
and
my
day-to-day
includes
just
like
going
to
different
repos
and
integrating
with
easy
of
easy,
is
very
interested
in
cd
events
and
integrating
with
cd
events,
and
I
have
contributed
to
cd
events
in
the
past
and
I'm
also
a
contributor
in
techtone,
it's
nice
to
meet
you
guys.
A
Yeah
thanks
vapor,
okay,
yeah,
so.
A
I'd
like
to
to
make
best
use
of
this
time
together,
so
I
was
wondering
if
there
are
any
questions
or
any
specific
topic
on
cd
events
that
you
guys
would
like
to
bring
up
for
today.
D
Yeah,
the
cdf
reference
architecture-
I
maybe
I'm
just
thick
right
now
or
maybe
because
I
had
covered-
I
just
got
over
covered.
I
know
I'm
fine
steve
and
I
both
got
it.
We
went
to
a
bar
steve,
got
it
and
brought
it
home,
and
then
I
got
it.
I've
been
looking
at
looking
at
that
reference
architecture
and
looking
at
it,
and
I
cannot
really
really
understand
it
and
wrap
my
head
around
it
and
I
believe
that
part
of
what
they
are
going
to
the
challenge
will
be
for
any.
D
For
those
of
you
who
don't
know,
there's
a
proposal
to
create.
What's
what
is
being
returned,
a
reference
architecture
with
the
goal
of
providing
a
way
for
people
who
may
not
be
completely
mature
in
their
cd
pipeline
to
go
and
say
I'm
trying
to
do
deployments?
What
are
the
tools?
I
should
be
looking
at
from
a
cdf
point
of
view.
We
have
to
be
careful
about
not
being
we
have
to
be
vendor
neutral,
so
any
tools
that
we
create.
We
really
can't
be
saying:
go
use
spinnaker,
for
example.
D
If
you
haven't
looked
at
the
landscape,
the
landscape
is
kind
of
can
be
challenging,
but
what
I
really
think
it
needs
to
be
we
need
to
do
is
to
collaborate
with
them
on
vocabulary,
because
when
I,
when
I
look
at
what
we've
done
on
the
vocabulary
front,
I
feel
like
it
really
really
should
be
mapping
back
to
the
vocabulary
and
the
vocabulary
is
defining
what
these
things
are,
as
opposed
to
looking
at
it
from
saying
this,
these
are
the
tool
sets
you
should
use,
it
should
be.
D
This
is
the
vocabulary
you
should
be
looking
at
and
then
our
events
would
be.
These
are
the
these
are
the
events
in
this
vocabulary,
so
I
just
wanted
to
know
if
anybody
else
is
kind
of
trying
to
wrap
their
head
around
it
now,
because
I
was
supposed
to
be
in
bed
rest
and
all
I
was
doing
was
laying
in
front
of
my
computer
reading
stuff.
I've
probably
had
more
time
to
think
about
it,
but
just
andrea.
D
A
I
yeah
so,
first
of
all,
I
think
the
the
idea
of
the
architecture
is
to
be
like
too
agnostic.
A
So,
like
you
said,
I
mean
I
mean
we're
a
foundation,
so
we
should
not
like
say
you
should
use
this
tool
or
that
tool,
but
I
think
the
the
idea
is
to
to
give
like
a
framework
of
thoughts
like
what
are
the
concepts
that
we
talk
about
in
cd
ci
cd
and
how
do
they
relate
to
each
other,
and
I
think
this
is
quite
close
to
what
you're
talking
about
with
the
vocabulary.
A
D
D
D
I
feel
like
there's
got
to
be
some
sort
of
a
partnership
right
between
the
interoperability,
what
we're
doing
on
the
vocabulary
and
what
they're
calling
the
reference
architecture
I
feel
like.
Sometimes
we
get
splintered
and
when
we
do
that,
everybody
goes
in
their
own
corners
and
does
their
own
thing
and
on
this
one
I
feel
like.
D
D
There's
there's
a
there's
motivation
there,
on
my
part
to
say,
would
be
great
to
get
more
people
writing
events
right
or
being
part
of
that
event
conversation.
A
D
D
Do
we
have
a
link
to
share
our
where's,
our
vocab,
for
those
of
you
who
are
new?
I
think
the
vocabulary
is
a
really
good
place
to
start.
Let
me
see
if
I
can
find
something
on.
I
don't
think
that
there
really
is
anything
out
there
on
the
reference
architecture,
discussion.
A
D
E
B
A
quick
aside,
though,
I
think
one
of
the
things
that
I
know
from
the
cncf
and
open
ssf
we'd
love
to
do
in
a
collaborative
fashion,
is
sort
of
help,
coordinate
and
help
collaborate
on
some
of
that.
Just
so
that
you
know,
given
that,
for
example,
the
the
cncf
has
created
a
reference
architecture
of
how
to
do
secure,
builds
in
the
club
in
in
cloud
like
kubernetes
hey
what?
What?
What
can
we
do
from
our
end
to
make
sure
that,
as
the
cd
event
stuff
starts
to
come
up?
D
So
what
is
that
you
know?
What
does
that
mean
and
there's
there's
another
area,
a
whole
area
of
you
know,
policies
and
compliance
levels
that
we
could
be
building
into,
that
that
would
further
define
that
reference
architecture.
A
All
right,
there
are
a
few,
a
few
different
things
right:
that
there
is
the
the
rosetta
stone,
which
is
the
initial
work
that
was
done
to
kind
of
see
how
different
tools.
E
So
I
got
a
couple
of
quick
points
on
the
reference
architecture,
because
I
believe
tracy
is
the
second
time
I've
heard
you
go
through
and
say
we
need
to
be
careful
and
be
vendor
neutral,
which
I
agree
with.
I
will
say
that
so
when
we
started
the
ci
cd
with
the
event
driven
architecture.
E
I
I
had
a
lot
of
trouble
explaining
to
even
the
team
that
I
was
using
to
build
it
out
what
event
driven
meant
and
having
a
concrete
example
really
would
help
in
that
understanding,
because
it
took
me
it
took
me
probably
six.
E
It
probably
took
me
a
year
after
the
system
was
live
to
train
the
half
of
the
rest
of
the
company
on
what
you
could
do
with
it
and
what
was
the
right
way
to
use
it
and
what
was
not
the
right
way
to
use
it.
You
know
you
give
developers
a
way
to
create
stuff
and
they
immediately
do
crazy
stuff,
like
base64
a
giant
yama
file
and
try
and
jam
it
in
your
system,
and
you
know
I
had
to
put.
E
I
also
had
a
guy
that
you
know
I
said:
look
these
events.
They've
got
actions
on
them
that
trigger
other
things,
so
that
your
your
your
watcher
will
catch
this
action
and
go
do
what
it's
supposed
to
do
and
it
will
ignore
the
messages
that
are
not
for
it,
and
I
had
a
guy
who
set
the
action
for
his
res
his
receipt
to
be
the
action
that
his
watcher
was
watching
for
and
he
fork
bombed
himself
and
ended
up
with
a
97
megabyte
receipt
until
his
watcher
crashed.
E
So
there's
a
lot
of
stuff
that
we
can
learn
from
my
follies
here,
but
having
a
concrete
example
of
being
able
to
go
into
a
meeting
with
a
a
nice
diagram
and
go,
and
this
is
what
it
is
and
have
it
be
stuff
that
maybe
is
pretty
industry,
not
industry
standard,
but
at
least
everybody's
kind
of
familiar
with
that
would
really
help
with
our
long-term
adoption.
I
think
in
our
explaining
what
events
are.
D
Exactly
and
to
your
point
brett,
I
don't
think
that
that
I
don't
think
that
everybody
at
the
cd
foundation
on
the
board,
or
even
on
the
toc,
really
understands
what
this
team
has
been
trying
to
do.
I've
been
sort
of
an
inside,
you
know
cheerleader
for
lack
of
better
word.
I
guess
inside
evangelist,
saying
hey.
This
is
really
the
way
that
we,
this
is
the
way.
This
is
the
the
way
to
come
in
cd
technology.
D
Look,
I
mean
captains
of
captain's,
a
fabulous
tool,
there's
another
little
one
that
I'd
like
to
see
be
added
as
an
open
source
project
to
the
cd
foundation,
which
is
called
directive.
I've
we've
had
demos
here
on
directive.
It's
you
literally.
If
you
wanted
to
open
your
open
your
garage
door
and
start
your
coffee,
you
could
do
it
with
their
event-driven
platform.
D
D
So
I
think
that
I
think
you're
right.
I
think
that
there
there
is
still
we
did
a
white
paper
with
an
effort
of
trying
to
make
it
easier
to
understand.
Is
that
white
did?
I
did
I
check
that
white
paper
in
I
probably
didn't.
A
We
have
it
on
the
city
foundation
website,
we
don't
have
it
engaged
yet.
I
think.
D
You
probably
should
get
the
final
word
doc
version
of
it
or
whatever
it
was
written
whatever
we
put
it
in
finally,.
E
So,
like
a
couple
other
things
that
I've
learned
over
the
years
of
doing
this,
so
we
already
had
kafka
in
place,
so
we
just
used
kafka.
If
I
had
a
shop
to
redo
that
I
would
have
probably
used
red
panda
because
it's
faster
but
had
I
done
that
I
would
have
ended
up
killing
one
of
my
other
objectives,
which
is
to
go
to
cloud
supported.
I
mean
cloud
providers
for
stuff,
and
so
we
are
now
using
the
confluent
cloud
which
gives
us
kafka
and
someone
else's.
E
It's
someone
else's
problem
and
manage
the
cluster,
so
yeah
there's
some
takeaways
here.
You
know
that
okay,.
D
E
E
Yeah
and
for
you
know,
increasing
message
sizes
like
we
can
only
have
a
one
megabyte
message
on
the
kafko
bus
on
our
in-house
support.
You
know
on-prem
run
capco,
because,
honestly,
every
time
we've
tried
to
increase
the
message
size,
we
knock
the.
We
knock
the
instances
over.
E
You
know,
and
so
we're
going
now
we're
moving
to
the
cloud
because
everything's
we're
doing
is
moving
to
the
cloud
we're
moving
to
azure
and
stuff,
and
so
using
confluent
cloud
makes
it
easier
to
access.
You
know
from
our
you
know
an
azure
instance.
So,
but
anyway,
if
I
had
to
do
it
now,
I
would
do
red
panda.
D
So
I
think
that
what
we
have,
I
think
what
we
might
want
to
work
on
is
making
sure
that
internal
to
the
cd
foundation.
Folks,
like
terry
understand
what
we're
doing
and
if
they're
going
to
start
working
on
this
reference
architecture.
We
make
sure
that
we
are
in
there
asking
them
to
contribute
back
to
our
vocabulary
and
that's
how
the
that's,
how
that
reference
architecture
would
be
built.
E
Right,
oh,
that
was
the
other
point
I
had
that
you
know
like
lost
naming
is
hard
right
and
so
the
vocabulary
part
of
this
is
really
important
yeah,
because
we
ended
up.
E
So
we
ended
up
abusing
certain
terms
to
the
point
where
you
almost
can't
talk
without
saying
the
word
four
times
in
a
sentence,
and
it
means
four
different
things
exactly
and
so
I'm
I
think
the
vocabulary
is
very
important
and
then
being
able
to
classify
like
the
kafka
red
pandas
into
this.
Is
your
message?
Bus
or
this
is
your
event.
E
Bus
or
whatever
words
we're
going
to
use
being
able
to
classify
these
tools,
could
help
us
with
the
we're
not
recommending
you
use
capture
red
panda,
but
these
fit
this
category
of
our
reference
and
here's
the
reference
model.
Here's
the
categories
for
the
reference
model,
right
of
vocabulary,
pieces
and
then
here's
an
example
of
what
you
could
use
in
there.
A
A
These
are
like
standard
stages
that
you
may
have
in
a
city
pipeline,
your
build
stages,
these
and
and
so
forth,
and
so
forth,
rather
than
it,
it
will
give
a
framework
that
then
tools
can
use
to
say:
okay
well,
disk,
I
don't
know
the
red
panda,
open
source
community
can
say
in
this
architecture.
We
cover
this
area
and
we
in
our
roadmap.
We
plan
to
extend
to
these
other
terms
and
determine
the
term
of
tecton,
can
go
and
say:
okay.
A
Well,
we
cover
this
type
of
functionality
in
this
reference
architecture,
if
you
want
and
the
same
can
do
open
source
tool,
but
the
same
can
do
also
product
vendors
or
you
know,
service,
offering
companies
like
this
cloud
offerings
and
so
forth.
I
think
if
they
have
a
reference
architecture,
it's
they
can
say:
okay.
Well,
these
are
the
the
things
that
we
implement,
because
there
is
a
reference
architecture.
It's
clear
what
you're
talking
about!
A
A
I
think
I
I
feel
your
your
concern,
tracy,
that
we
need
to
you
know,
make
sure
that
we
go
in
the
right
direction.
I
definitely
agree
that
any
work
that
we
we
do
in
in
the
reference
architecture
should
fit
back
into
the
vocabulary
or
anyway,
I
see
it
as
a
way
to
kind
of
making
sure
that
the
different
seeks
are
working
more
together,
as
opposed
to
start
starting
something
different
that
you
know
goes
away
and
far
from
the
work
that
we're
doing
in
this.
D
D
There
it
is
in
the
chat
I
feel
like
we
get.
You
know
we
put
that
together
really
really
quickly.
We
probably
could
expand
on.
Maybe
that's
something
that
we
could
continue
working
on.
I
feel
like
if
we
put
it
in
markdown
and
put
it
out
there,
instead
of
as
a
cleaned
up
white
paper,
that
maybe
it
could
be
broadened
or
I'm
not
sure
I
just
don't
know
how
we
can
educate
people
within
the
within
the
our
existing
toc.
E
Yeah
it
was,
it
was
yeah.
It
was
a
year
of
basically,
I
felt
like
it
was
a
year
of
touring
around
and
explaining
the
same
thing
in
a
different
way.
Over
and
over
again
until
everybody
got
it
now,
I
I
have
a
little
bit
bigger
audience
than
some
people.
Do
I
mean
I
don't
know
how
many
you
know
developers
you
guys
have.
I
got
about
2
000,
about
2
000,
to
2500
developers
that
I
had
to
go
kind
of
explain
how
this
works
too.
So
it
was
pretty
interesting.
D
D
Are
new
concepts
we're
trying
to
educate
people
on,
and
you
know
in
the
discussions
that
we
had
around
this
reference
architecture-
and
I
you
know
I've
done
this
for
a
long
time
and
I've
never
seen
one
best
practice.
I
believe
there
are
good
practices,
but
there's
not
one
best
practice
and
the
idea
that
we
could
create
a
best
practice
for
anybody,
I
feel
like
is
incorrect.
D
Because
there's
so
many
different
variations
of
companies
and
what
they
need
to
do
and
what
they
need
to
add
and
their
their
own
requirements,
so
the
reference
architecture
is
going
to
have
to
keep
that
in
mind,
and
that's
why
I
kept
going
back
when
I
was
trying
to
put
it
is:
how
do
we
do?
That
is
the
best
way
we
do.
It
is
to
map
it
to
the
vocabulary,
and
I
honestly
think
that
the
vocabulary
then
should
map
back
to
the
landscape.
Now
most
of
you
don't
know
this,
but
I
published
the
initial
landscape.
D
D
But
just
to
categorize
that
kind
of
data
is
extremely
hard
and,
as
we
were
as
I
was
watching
the
vocabulary,
because
I
didn't
really
contribute
much,
I
was
watching
it
and
reading
it.
I
was
starting
to
learn
how
we
could
think
about
these
different
groups
in
a
better
way.
The
problem
with
the
landscape
and
the
problem
with
potentially
a
reference
architecture
is
all
of
us
as
tool
vendors.
We
want
to
be.
You
know
we
want
to
be,
let's
say,
for
example,
I'll
just
use
ortilius
and
deploy
it
as
an
example.
D
We
certainly
can
do
deployments.
We
have
a
deployment
engine,
it's
not
our
primary
focus.
Our
primary
focus
is
gathering
the
data
we
manage
s-bombs,
we
don't
generate
them,
we
consolidate
them.
We
aggregate
lower
level
s
bonds
to
application
levels.
We
we
can
do.
We
could
register
microservices
and
compete
with
something
like
a
backstage,
but
how,
in
the
reference
architecture
in
the
landscape,
only
we
can
only
identify
ourselves
as
one
feature.
D
So
what
feature?
Where
do
we
fit?
Catalogs
aren't
right
now,
there's
like
four
or
five
catalogs
on
the
market.
So
where
do
we
fit?
So
anything
that's
static.
Is
dangerous
right
and
the
landscape
is
somewhat
static
because
you
can
put
yourself
in
one
place
and
you
may
not
even
have
a
category
for
it.
But
if
I
could
have
identified
ourselves
in
terms
of
vocabulary
and
where
we
fit
into
a
vocabulary
about
what's
being
done,
it
would
have
been
easier
not
in
terms
of.
E
D
D
There's
an
interactive
landscape,
it's
nothing
like
the
challenge
of
the
cncf,
but
definitely
it's
got
some
more
it's.
So
if
you
look
at
that,
let's
say
you
want
to
put
yourself
in
a
category
you
have
to.
I
you
have
to
identify
what
your
primary
feature
is.
D
D
D
Yeah,
well,
it
was
I
I
took
it
from.
I
was
dan
was
still
alive
at
the
time
when
I
wrote
it
and
he
he
helped
me
bring
over
the
code
and
start
creating
one
for
the
cdf.
D
So
I
took
exactly
what
he
already
had
in
the
cncf
landscape
and
the
way
it's
written
is
you
can
only
be
in
one
one
box
and
that
kind
of
makes
sense.
Otherwise
it
would
be
worse
than
it
is.
If
you
look
at
the
cncf
landscape
and
assume
everybody
could
be
in
multiple
boxes,
you'd
have
a
total
disaster,
it's
hard
enough
as
it
is,
but
I
feel
like
these
high-level
pipeline
orchestration,
continuous
integration
test
automation.
D
A
D
Right
so
the
reference
architecture
could
then
relate
back
not
to
a
specific
product,
but
a
specific
grouping
of
the
vocabulary.
So
you
you're
going
to
need
something.
I
don't
know
what
the
vocabulary
would
be
for
pipeline
orchestration,
but
it
would
be
it
would
map
to
our
vocabulary,
and
then
you
can
select
what
you
want
inside
here,
but
even
with
like
the
way
it's
defined
now
I
would
say,
for
example,
that
spinnaker
is
more
of
a
release,
automation,
tool
and
it
is
a
c
pipeline.
D
D
A
I
think
this
is
great
great
input
on
on
this.
If
you,
if
you
are
going
to
start
it
the
reference
architecture,
I
think
we,
these
are
things
that
definitely
we
need
to
keep
in
mind
and
in
my
understanding
at
least,
this
is
not
like
diverging
from
from
the
idea
at
least
to
how
we
understood
it
until
now
yeah,
so
I
definitely
agree
we
need
like
we
can
call
it
vocabulary,
but
yeah,
so
I
think
that
the
reference
architecture
should
should
be
aligned.
A
D
D
D
Yeah
across
things
and
the
landscape
put
in
there,
so
I
really
think
that
the
reference
architecture
should
eventually
map
back
to
the
landscape
so
that,
if
you're
a
vendor-
and
you
weren't
a
part
of
this-
you
could
go
ahead
and
easily
add
yourself
to
the
right
vocabulary
in
the
landscape,
so
that
your
event
would
be
clearly
defined
and
your
role
in
the
reference
architecture
would
be
clearly
defined
and
it
would
be
somewhat
dynamic.
It
would
be
dynamic
because
you
could
add
yourself
now.
D
A
Yeah
I
mean
specifically
for
the
landscape
I
feel
like,
like
you
said.
It
makes
sense
to
have
like
a
single
box
for
the
overarching
view,
but
it
would
be
good
to
be
able
to.
You
know,
tag
the
different
tools
in
relation
with
functionality
they
can
provide,
even
if
it's
not
the
primary.
So
let's.
D
A
Like
if
you
want
to
say,
I
want
to
filter
all
the
tools
that
they
have
some
s-bomb
capabilities,
and
you
know
you
could
see
them
all
and
you
don't
need
to
have
like
an
s-bomb
block
in
the
main
landscape,
where
you
see
every
tool
because,
like
it's,
some
tool
has
as
well
capability,
but
it's
not
their
primary
capability.
You
don't
want
to
see
it
in
the
s-bone
box,
but
you
still
maybe
want
to
be
able
to
see
that
they
can.
A
D
A
D
A
Right
so
about
the
the
working
group
to
define
vocabulary
for
six,
so
we
have
a
toc
called
tomorrow.
I
won't
be
able
to
join
tomorrow.
Unfortunately,.
A
Do
you,
how
do
we
want
to
to
bring
a
proposal
to
to
the
toc?
Shall
we
prepare
start
working
on
a
document
for
that
tracy?
What
do
you
think.
D
D
And
we
had
we
had
persia
on
the
topic.
Okay,
let
me
see
if
I
can
write
something
up,
or
at
least
reach
out
to
is
terry
on
the
toc.
Do
you
know
andrea
andrea
is
terry
coxer.
D
D
A
All
right
a
lot
of
interesting
discussion
today,
so
we
only
have
three
minutes
left,
but
I
I
just
wanted
to
say
it
definitely
would
like
to
see
topics
like
associated
with
the
open,
ssf
s
bomb
and
so
forth,
supported
in
city
events,
and
we
don't
have
anything
in
that
area
yet.
B
B
D
B
Yeah,
I
think,
from
the
cncf
and
open
ssf
perspective.
I
can
definitely
demo
some
things
and
show
off
what
we're
looking
to
do
and
where
we
think
cd
events
would
be
really
useful
right
because,
like
as
an
example
right,
we
have
the
cncf
secure
software
factory
reference
architecture,
which
is
essentially
just
a
hey.
Here's.
B
What
a
secure
build
would
look
like
in
like
the
kubernetes
universe,
the
cloud
universe
and
I
think,
a
lot
of
the
stuff
that's
described
there
is
when
people
look
at
implementations,
there's
a
lot
of
components
that
we
would
imagine
would
be
communicating
over
using
stuff
like
cd
events,
so
that
folks
can
sort
of
build
out
the
secure
software
factory
that
they
need.
B
Based
on
you
know,
whatever
tools,
you
know
that
that
would
be
used
there.
So
I
think
we
can
demo
some
stuff
there
we're.
Actually,
it's
it's
interesting
that
you
brought
some
of
this
stuff
off,
because
some
of
these
things
are
things
that
we've
been
also
been
talking
about
in
fresco,
which
fresca
is
an
open,
ssf
tool
that
that
I'm
leading-
and
some
of
us
here
are
contributors
to
which
you
know
utilizes
tecton
and
all
those
other
things
to
sort
of
build
out
a
secure
build.
B
But
one
of
the
things
that
has
been
missing
is
like
hey
as
we
do
some
of
this
stuff
a
lot
of
it.
We
want
to
sort
of
transform
this
into
more
of
that
event,
driven
ci
tool,
cicd
tool
where
you
can
plug
in
new
security
tools
and
yaya
as
you
need
to
and
based
on
the
event
driven
nature
of
it.
As
these
things
kind
of
come
in,
you
can
go
and
say,
like,
as
part
mentioned,
okay,
cool
we're
doing,
runtime
visibility
based
on
events
that
come
in.
If
you
don't
have
runtime
visibility,
that's
okay!
B
You
just
don't
perform
that
action
or
whatever
and
then
be
able
to
then
tie
that
all
back
into
stuff,
like
salsa
and
some
of
the
supply
chain
security
pieces,
so
that
we
can
apply
policy
against
some
of
this
software,
that's
being
built
and
deployed
out.
We
can
go
and
say
great,
you
know,
you've
done
all
you
know.
We
have
events
that
potentially
themselves
are
attestations
at
some
level
right.
We
have
signed
metadata
coming
out
of
all
these
various
tools
like
the
s
bomb
generation
and
all
these
other
things
great.
B
Then
we
can
go
and
you
know
verify
the
policy
and
you
know
ensure
that
only
things
get
deployed
to
production
that
are
whatever
right.
B
Oh
andrea,
if
you're
talking,
I
think,
you're
on
mute.
B
A
A
R
s
e
a
okay,
yep,
okay
yeah.
If
you
want
to
to
complement
my
notes,
then
my
for
plan
for
future
presentation
that
that'd
be
great
sorry,
I'm
really
terrible
at
taking
notes
and
listening
at
the
same
time
but
yeah.
A
I
think
it
would
be
really
great
to
see
that
in
this
group-
and
I
would
really
like
to
see
yeah
how
we
can
collaborate
and
that
make
sure
that
cd
events
goes
in
a
direction
that
is
useful
for
you
for
those
groups,
for
you
guys,
so
we
have
been
driving
the
the
development
of
city
events
through
pocs
increase
of
concepts
and
demos
and
currently
working
on
a
demo
to
build
basically
to
collect
dora
metrics
through
for
city
events
and
yeah.
A
It
would
be
great
to
to
build
more
integrating
with
yeah
cncf
ref
architecture,
open
ssi
for
fresca
yeah.
That
would
definitely
be
cool
cool
yeah
looking
forward
to
it.
So
I
know
we
are
over
time
just
very
quickly.
Very
briefly,
I
just
wanted
to
say
I
mean
august
is
probably
relatively
quiet
in
terms
of
six
attendance,
but
we
are
around
and
all
our
meetings
are
recorded.