Sonatype and Cloud Native Computing Foundation Partner to Improve Open Source Security and Raise $50,000 in Diversity Scholarships


Organizations Launch Innovative Security Slam Virtual Event Leading up to KubeCon + CloudNativeCon

October 6, 2022 -- Fulton, Md. -- Sonatype, the pioneer of software supply chain management, in partnership with The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, has announced an inaugural virtual Security Slam event to help improve CNCF projects’ security posture, while raising $50,000, donated by Google, for the CNCF Diversity Scholarship Fund.

Security Slam is a virtual event aimed at improving the security posture of all CNCF open source projects. This new event will use CNCF’s automated CLOMonitor, which measures project security, enabling maintainers and contributors to work together to improve participating projects’ overall security. Every CNCF project that reaches 100% Security status will win prizes for its top participating maintainers and contributors, including free Linux Foundation courses, gift cards to the CNCF online store, and more.

“From our ongoing stewardship of Maven Central to the creation of our free developer solutions like OSS Index, Sonatype has a long history of supporting the open source community,” says Brian Fox, co-founder and CTO of Sonatype. “We are ecstatic to partner with CNCF and Google on this event to improve CNCF projects’ security, while raising funds that can help expand our community to include more individuals from historically underrepresented groups.”

Additionally, the top overall contributor will win free airfare and hotel to the next KubeCon + CloudNativeCon, courtesy of the Open Source Travel Fund by Community Classroom. Plus, for every project that achieves 100% Security, Google will donate $2,500 to CNCF’s Diversity Scholarship Fund, which helps underrepresented individuals become valuable members of the CNCF community. The event will culminate at KubeCon + CloudNativeCon 2022 North America in Detroit, where winners will be announced October 24-26, 2022.

“We’re thrilled to be putting on this event that will help our projects become even more secure, while garnering the largest donation we’ve ever received for the CNCF Diversity Scholarship Fund and giving prizes to our valued contributors and maintainers,” said Chris Aniszczyk, CTO of the Cloud Native Computing Foundation.

To learn more about the Security Slam, visit

Open source maintainers can sign their project up for participation here, and open source contributors can sign up to participate here.

Sonatype is the software supply chain management company. We empower developers and security professionals with intelligent tools to innovate more securely at scale. Our platform addresses every element of an organization’s entire software development life cycle, including third-party open source code, first-party source code and containerized code. Sonatype identifies critical security vulnerabilities and code quality issues and reports results directly to developers when they can most effectively fix them. This helps organizations develop consistently high-quality, secure software which fully meets their business needs and those of their end-customers and partners. More than 2,000 organizations, including 70% of the Fortune 100, and 15 million software developers already rely on our tools and guidance to help them deliver and maintain exceptional and secure software.