►
Description
Fatih Degirmenci & Gerard McMahon talk with John Furrier & Rob Strechay at Open Source Summit NA 2023 in Vancouver, Canada.
#ossummit #linuxfoundation #thecube
A
Welcome
back
everyone
to
the
live
Cube
coverage
here
in
Vancouver
for
open
source
Summit
2023
I'm
John
Furrier,
with
my
co-host
Rob
streche
we're
going
to
talk
about
the
CD
Foundation.
We've
got
a
great
end
user,
Fidelity
Investments
here
inside
the
cube,
Fati
jamachi
who's,
the
executive
director
of
CD
foundation
of
the
Linux
foundation
and
Gerard
McMahon
product
area,
leader
for
Alm
tools
and
platforms
at
Fidelity
Investments.
Gentlemen,
thank
you
for
coming
on.
Thanks.
A
So,
thank
you
for
coming
on
Fidelity
great
end
use.
I
know
you
guys
do
a
lot
of
r
d,
a
lot
of
development.
It
was
on
the
Forefront
of
it
at
Foxy.
The
foundation
is
doing
very
well.
Congratulations
on
your
momentum.
Yeah
yep!
Let's
get
into
the
momentum,
give
us
some
updates
from
the
snapshot
of
what
you
guys
were
releasing
and
on
stage
today.
Some
great
news
share
the
update,
yeah.
B
This
week
we
see
great
momentum
for
those
projects
and
many
different
organizations
are
joining
to
support
our
mission
because
continuity
Foundation
is
a
place
for
everyone
to
come
and
contribute,
and
collaborate
on
contractor
and
devops
topics
to
make
sure
we
push
domain
forwards
in
a
collaborative
Manner
and
one
of
the
announcements
we
made
was
about
cdos
project
which
brings
interval
to
continuous
ecosystems,
so
the
organizations
could
use
these
different
content
server
Technologies
in
an
interoperable
manner,
which
is
a
big
win
for
everyone
in
the
ecosystem.
We.
A
Will
talk
about
platform
engineering
for
years
on
the
cube
this
past
year
we
got
definition
around
kind
of
what
it
is.
It's
not
SRE.
That's
what
Google
does
all
the
big
guys
it's
more
more,
it's
we
call
it
a
kubecon,
more
mainstream,
a
lot
of
traction,
a
lot
of
stories
around
that.
But
you
know
the
CD
is
big
part
of
platform,
engineering,
interoperability
and
supply
chain.
Fidelity.
You
guys
have
some
news
open
sourcing,
some
tools,
let's
get
into
that.
What's
the
update
yeah.
C
We're
delighted
we're
you
know:
financial
services
company
we're
very
much
into
our
digital
transformation
now
within
Cloud
adoption,
and
one
part
of
it
is
how
do
we
Embrace
open
source?
More
open
source
brings
the
world
of
many
thousands
and
thousands
of
developers
from
all
over
the
world
with
all
different
experiences,
and
essentially
they
create
better
code.
When
you
have
a
thousand
eyes
on
a
piece
of
code
and
you
have
a
thousand
people
collaborating
communicating
discussing
Etc,
you
know
that
you
can
trust
in
that
code
and
it
scales
out
faster.
C
So
we
as
part
of
the
day,
you
know
we're
an
end
user
member
of
the
contiguous
delivery
foundation
and
one
thing
we
contributed
recently
as
part
of
CD
events
was
Jenkins
plugin.
So
as
Jenkins
runs
and
runs
pipelines,
it
runs.
You
know
what
you
do
in
your
pipeline,
your
different
stages
and
steps
Etc.
We
just
wanted
to
know
what
that
all
that
data
was.
You
know
compliance
security,
quality
et
cetera,
so
we've
contributed
that
to
the
open
source
back
to
the
community.
C
C
What
helps
us
understand
the
continuous
integration
and
continuous
delivery
of
process
for
each
application
as
they're
deploying
to
Cloud.
So
are
you
security
scanning?
Have
you
got
any
vulnerabilities?
Have
you
done
code
quality
scanning?
Have
you
done
your
chaos,
testing
or
performance
engineering?
Have
you
run
your
governance
and
your
compliance
checks?
So
we
can
have
evidence
of
security
and
compliance
around
the
srlc
process
and
have
a
really
consistent
then
for
every
application
team
in
Fidelity.
How.
D
C
You,
you
know
think
if
you
think
way
back
the
monolith.
You
know
we
deployed
to
Data
Centers.
You
had
this
giant
artifact
that
was
produced
over
a
period
of
time,
and
that
was
that
was
the
extent
of
it.
You
handed
that
to
somebody
and
they
put
it
into
the
environment
today
with
Cloud,
we
think
of
there's
infrastructures
codes.
There
is
your
applications,
your
microservices,
so
the
complexity
and
the
amount
of
work
that
an
application
team
has
to
do.
C
D
Business
does
that
help
when
you're
rolling
out
yet
you're
transforming
your
internal
applications
as
you
digitize
them
and
as
you
transform
them
to
be
more
Cloud
native?
Is
this
helping
you
report
back
to
the
health
of
those
applications
and
where
they
are
in
supporting
your
your
customers?
Absolutely.
C
So
one
thing
is:
it
provides
us
the
consistency
in
how
to
get
to
the
Cloud,
so
we
can
build
those
guardrails
into
the
platform.
So,
as
teams
are
going
to
Cloud,
they
can
go
as
fast
or
slow
as
they're
capable
of
doing
or
as
their
maturity
increases.
But
the
guard
Reds
are
constantly
there
to
keep
them
safe
and
secure.
C
Were
having
this
conversation
yesterday
that
we're
all
solving
the
same
problem
and
that's
I,
think
one
of
the
benefits
of
the
foundations
is.
We
can
all
work
together
through
the
open
source
Community
to
solve
these
problems
as
an
industry,
and
then
everybody
all
the
Enterprises
can
then
adopt
those
Solutions,
because
it
is
it's
common.
A
B
What's
the
update
quite
a
long
time?
Well,
it's
actually
what
you
asked
about
platform
engineering
as
well
like,
if
you
think
about
a
typical
Pipeline
and
if
you
have
different,
you
know
technologies
that
I
want
to
make
those
capabilities
available
to
our
the
open
door
organization
that
Pipeline
and
surrounding
Technologies
need
to
be
integrated
to
platform.
So
the
developers
don't
see
those
details
and
they
focus
on
adding
business
value,
as
JR
said,
but
currently
because
of
lack
of
interability
within
the
ecosystem.
B
That
effort
bringing
those
different
Technologies
together,
whether
it
is
like
software
code
configuration
management,
build
tools,
artificial
cicd,
orchestrators,
test,
Frameworks,
observability
tools,
application
security
tools
because
of
lack
of
Internet
common
language.
The
problem
becomes
so
huge
and
everyone
needs
to
do
this.
Integration
themselves,
spending
time,
effort
and
energy,
it's
costly
and
it's
open
to
problems
because
open
source
Community
is
more
fast.
Your
integration
may
be
broken
the
next
day.
What
interability
brings
into
picture
is
to
remove
this
complexity
and
actually
make
sure
all
these
different
types
of
Technologies
can
speak
on
the
same
language.
B
D
B
Tools
that
is
one
of
our
announcements
we
made
during
our
cdcon
event,
Monday
and
Tuesday
this
week.
In
addition
to
Jenkins
Ericsson,
for
example,
from
telecommunications
industry,
they
contribute
a
request
for
comment
to
Spinnaker
project,
which
was
accepted
by
the
speaker
comment
recently,
and
the
implementation
is
currently
happening
and
if
you
think,
Jenkins
and
Spinnaker
many
organizations
use
these
two
technologies
together.
Junk
is
for
CI,
perhaps
technical,
for
continuous,
deploying
on
sites,
and
this
will
allow
them
to
use
these
different
Technologies
together
seamlessly
because
of
this
City
events.
B
Protocol
or
interval
Tech
Force
we
have
the
third
project,
is
stacked
on
they're,
an
experimental
controller
again
using
CD
runs
bringing
into
reality,
and
we
got
a
question
recently
asking
like
what
about
the
projects
outside
of
CD
foundation,
and
we
have
a
project
called
test
curve,
which
is
an
independent,
open
source
project
and
they
recently
introduced
test.
Events
to
CD
runs
protocol
making
test
framework
to
speak
in
same
language
So.
B
Currently,
we
have
these
four
projects
adopting
CD
events,
bringing
interoperability
for
their
users,
and
we
are
talking
with
cncf
projects
such
as
Argo,
Lux,
Harbor
and
so
on,
to
find
out
how
we
can
bring
them
to
this.
You
know
broader
collaboration
effort
and
having
traveled
across
different
projects,
regardless
of
where
they
are.
D
Yeah
I
think
it
also
the
one
thing
and
I
think
Tracy
actually
brought
it
up.
Was
that
security
right?
Because
I
look
at
this
and
you
know
s-bomb
is
the
he.
You
know
the
the
sexy
new
thing
to
talk
about
all
everybody's
got.
You
know
we
do
this
for
s-bomb.
We
do
that
for
s-bomb.
How
does
this
play
into
the
security
aspect
of
that
as
well?
D
B
C
So
it's
you
know.
Security
starts
with
the
developer.
The
idea
at
their
fingers
and
security
is
continuous
when
that,
when
your
application
is
running
in
production,
security
is
continuous
and
it
happens
across
every
stage.
So
how
you
know
how
we
maintain
that,
how
we
ensure
that
we
are
secure
and
safe
on
a
continuous
basis.
You
know
that's
where
we
I
look
and
see
the
events
as
well
as
a
way
of
how
can
it
provide
a
you
know
the
consistent
way
to
talk
about
security,
communicate
with
you
around
the
end
of
right
security.
C
So
we
can
constantly
monitor
security
across
whether
it's
the
developer
coding,
whether
it's
you
know
something
like
log4j,
which
can
after
the
fact
right.
So
it
was
something
that
have
secure
one
day,
not
secure
the
next
day,
so
that
it
allows
us
build
tooling,
build
monitoring,
build
observations,
observability,
honor
security,
posture
and
no
matter
at
what
stage
of
the
sdlc.
B
One
of
the
key
things,
especially
when
we
talk
about
microsource,
Cloud
native
and
this
you
know
desegregated.
You
know
world
if
you
think
about
like
a
comet
going
through
pipelines
and
getting
part
of
many
microservice
and
getting
employed
to
many
different
regions
around
the
world.
The
traceability
becomes
a
big
issue
and
security
and
traceability
closely
related.
If
you
learn
that
there's
a
CV
in
one
of
the
applications
running
in
production
amount
in
one
of
the
regions
around
the
world,
you
don't
have
too
much
time
to
fix
that
issue
and
such
interability
helps.
B
You
track
your
steps
back
from
the
deployment
back
to
Comet,
so
you
can
easily
identify
which
comment
actually
introduced
that
problematic
dependency,
for
example.
So
we
I
personally
think
the
intervals
and
security
they
go
hand
in
hand
like
if
you
don't
have
interoperability,
you
can't
trace
back
to
the
origin
of
the
problem
and
that
actually
becomes
much
more
difficult
thing
and
the
other
thing,
if
you
think
about
integration
integration.
In
this
context,
integration
causes
loss
of
information,
because
when
you
integrate
photos
together,
then
some
things
will
not
be
available.
B
A
C
And
it
also
allows
you
prove
right.
So
if
you
sign
anything
so
it
allows,
you
prove
that
this
object,
whatever
it
contains
and
what
you've
signed
it
is
it
allows
you
verify
that,
and
so
you
can
be
constantly.
You
know
there
is
a
trust
model,
but
you're
almost
always
able
to
verify
that
trust.
At
many
points
it's.
A
A
Don't
think
that's
accurate,
I
think
it's
more
of
platform.
Engineering
came
from
infrastructure
as
code
which
comes
from
you
know,
SRE
kind
of
mindset
so
I
want
to
get
your
definition
of
what
platform
engineering
is
I
mean
for
the
mainstream
market,
because
there's
the
hardcore
hyperscalers
that
do
stuff
at
such
scale,
but
I
call
them
a
little
bit
of
an
anomaly
they're
like
a
unicorn.
They
do
their
thing,
but
Enterprise
is
starting
to
get
that
scale
going.
So,
as
platform
engineering
comes
in,
what
does
it
mean?
What
is
it
and
then?
A
C
Actually,
the
organization
of
Workforce
called
cloud
and
platform
engineering
we
just
actually
we
were
the
cloud
engineering
team
so
enabling
Cloud
for
Fidelity
and
now
we're
adopt.
You
know
going
moving
into
the
platform
space,
so
when
you
think
of
an
application
team
they're
taking
an
application,
their
business
value,
their
business
code,
putting
it
onto
the
cloud
environment
and
then
making
you
know
so,
their
customers
can
access
that
value.
C
There's
a
tremendous
amount
of
infrastructure
and
Resort
Cloud
resources
that
need
to
be
created
as
part
of
just
enabling
that
technology
or
that
value
to
be
accessible
every
you
know
we
have
4
000
application
teams.
If
every
application
team
is
cons,
is
building
out
that
application
infrastructure
building
out
all
of
those
resources
they're
taking
time
away
from
the
values
Market
that
our
customers
are
looking
for
us
so
but
the
platform
to
me
enable
application
teams
deploy
their
value
much
quicker.
C
A
Okay,
now
the
next
question
great.
Thank
you
very
much
for
highlighting
that
super
valuable.
Now,
the
next
level
is,
as
third
party
tools
come
in
and
manage
services
from
skill,
Gap
standpoint.
How
do
you
guys
look
at
that?
Obviously
Fidelity
a
little
bit
probably
have
more
developers
to
say
the
average
company,
but
for
the
most
part,
how
do
you
deal
with
managed
services
and
things
of
that
nature?
So
we.
C
We
look
at
the
platform
not
as
as
an
abstraction
on
top
of
either
Individual
Services
capabilities.
We
write
ourselves
manage
services,
our
third-party
tools,
and
you
know
that
we
might
purchase
from
a
vendor
and
then
it's
the
platform
and
the
experience
of
consuming
that
platform
is
where
we
then
look
at
creating
on
top
right.
So
you
can
have
like
if
we
take
CI
CD,
you
have
your
Source
control
management
system.
You
have
your
CI
system,
your
CD
system,
your
code
scanners,
your
security
scanners,
you've
got
all
of
these
things.
C
A
A
C
A
A
Before
joining
the
senior
Foundation.
B
I
was
working
as
software
engineer,
working
with
different
tools
and
Technologies,
and
no
for
software
Engineers.
When
you
see
a
problem
there
you
have.
This
urge
I
need
to
go
and
fix
this,
and
if
you
do
something
three
times
manually
on
all
you
go
and
think
I
need
to
automate
this,
and
this
actually
results
in
creating
solutions
that
becomes
useful
to
your
friends
within
your
team.
Then
it
becomes
useful
to
other
teams,
and
then
you
grow
this
kind
of
platform
like
thing
from
within
the
team,
and
that's
been
there
quite
for
quite
some
time.
B
You
know
you
create
these
things,
put
a
web
interface
in
front
of
it,
and
people
just
push
few
buttons
feed
boxes,
that's
the
platform
in
very
simple
terms,
but
where
we
are
going
now
is
we
are
still
you
know,
learning
what
the
platform
engineering
means:
In,
This,
Cloud
native
world,
or
in
this
you
know
new
age,
I.
Think
as
JR
said,
like
every
passing
day,
we
will
be
putting
different
Technologies
under
this
platform.
B
A
Because
platform,
engineering-
the
way
you
describe
it-
is
a
centralized
operational
construct
as
well,
but
you
can
have
an
application
that
could
be
system
oriented
with
dependencies
yeah
across
groups.
Yeah,
that's
an
application,
yeah
yeah!
You
could
they're
different,
but
kind
of
not
right,
correct.
C
They're
different
but
yeah,
but
they're,
similar
in
function
and
again
yeah.
This
was,
is
you
know
if
we
take
and
then
the
other
thing
that
platforms
can
do
is,
and
there
is
a
finite
number
right?
It's
it.
There's
not
just
multiples
is
platform
to
platforms.
So
that's
another
opportunity,
I
think.
So,
if
we
take,
you
know
observability
in
SRE,
in
your
Production
Services
and
you've
got
your
software
delivery.
Can
you
combine
the
data
and
the
intelligence
between
them
to
offer
something
of
more
value?
Do
you.
D
Find
that
that
actually
gets
pushed
back
from
the
developers
because
they
feel
like
they're
constrained
in
what
platforms
they
can
use.
Just
speaking
out
of
my
experience
at
Amazon,
it
was
the
Wild
West
right.
Every
two
Pizza
team
could
go
and
do
whatever
the
hell
they
wanted,
which
I
think
it's
the
complete
opposite.
A
C
Better
in
your
way
and
yeah,
so
so
that's
a
constant
balance
right,
I
think
you've
got
to
find
a
way
to
allow
developers,
innovate
and
allow
them
allow
their
ideas
to
come
back
in
right.
So
we
say
hey
well,
this
is
a
fantastic
idea.
We
see
Five
Ten
teams
adopting
this.
Maybe
that's
a
time
to
bring
that
back
in
into
the
center
and.
A
A
C
But
they're
not
but
they're,
not
yes,
yeah
and
it's.
How
do
you
allow
them
innovate
and
how?
How
do
you
allow
them
to
contribute
backs?
We
talk
about
open
source
being
in
the
community.
Can
you
have
inner
source?
So
you
know
one
of
the
concepts
we
have
in
Fidelity
is:
how
do
we
enable
the
inner
Source
community
so
all
of
our
internal
developers
and
that
they
can
contribute
and
that's
where
I
think
you
get
adoption
and
openness
to
you
know
to
to
use
these
things
because
you're
part
of
creating
it
yeah.
A
B
State
of
City
report
is
a
report
we
publish
on
a
yearly
basis
during
our
silicon
event,
which
the
fourth
one
was
published.
This
Monday
and
state
of
City
report
aoles
the
software
delivery
performance
across
different
types
of
organizations,
small
medium,
large,
Enterprises,
different
Industries
and
so
on.
So
the
report
is
available
on
our
website
city.foundation
and
it
has
many
interesting
findings
like
use
of
different
Technologies,
how
it
helps
organizations
to
become
better
performing
organizations
and
so
on.
So
I
I
think
you
should.
A
Change
devops
continues
to
devsec.
Ops
continues
infrastructure
as
code
really
amazing
story.
Cloud
continues
to
Boom
platform
engineering,
enabling
develops
to
be
faster
and
more
secure,
and
this
is
what
it's
all
about
in
open
source.
It's
thecube
bring
you
all
the
action
from
open
source
Summit
here
in
Vancouver,
I'm
John
Furrier
with
Rob
stretchy
stay
tuned
for
more
segments.
After
this
short
break.