Open Source Summit North America 2025

Open Source Summit North America 2025

June 23 - 25, 2025
Denver, Colorado
View More Details & Registration
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit North America 2025 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Mountain Daylight Time (UTC/GMT -6). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.

11:20am MDT

State of the CD Foundation - Dadisi Sanyika, CDF Governing Board Chair, Apple

Monday June 23, 2025 11:20am - 12:00pm MDT

Bluebird Ballroom 3B

Speakers

Dadisi Sanyika

CDF Board Chair, Spinnaker TOC, Engineering Manage, Apple, Inc.

I am Board Chair for the Continuous Delivery Foundation (Linux sub-foundation) and lead a team of engineers at Apple dedicated to improving the Continuous Deployment experience for teams and the community. Our contributions are focused on extending scalability and multi-tenant capabilities... Read More →

Monday June 23, 2025 11:20am - 12:00pm MDT
Bluebird Ballroom 3B

cdCon

1:30pm MDT

Implementing Zero Trust Security in Jenkins Pipelines With Open Source Tools - Steve Taylor, DeployHub, Inc

Monday June 23, 2025 1:30pm - 1:50pm MDT

Bluebird Ballroom 3B

As cyber threats become increasingly sophisticated, the traditional perimeter-based security model no longer suffices. Zero Trust Security offers a modern framework that assumes no entity—user, device, or application—can be trusted by default, emphasizing "never trust, always verify." But how can this framework be applied effectively within automated CI/CD pipelines like Jenkins?

In this talk, we’ll provide a practical introduction to Zero Trust Security, exploring its key principles and the critical role it plays in modern software delivery. Attendees will learn how to integrate Zero Trust practices into Jenkins pipelines using powerful open-source tools. From secrets management to policy enforcement and continuous vulnerability management, this session will provide actionable steps to secure the entire software development lifecycle.

Speakers

Steve Taylor

CTO, DeployHub

Steve Taylor is a visionary and leader in open-source security, DevOps, and securing the software supply chain. Long before “CI/CD” became a buzzword, Steve was designing cutting-edge pipelines for Fortune 1000 companies, redefining how software is built and deployed. His innovative... Read More →

Monday June 23, 2025 1:30pm - 1:50pm MDT
Bluebird Ballroom 3B

Audience Experience Level Beginner

1:50pm MDT

A Secure Tekton Task by Using Confidential Containers - Tatsushi Inagaki, IBM

Monday June 23, 2025 1:50pm - 2:10pm MDT

Bluebird Ballroom 3B

Software supply chain attack is an emerging threat for today’s enterprises. An attacker first gets an internal network access of the target enterprise, typically by using social engineering. Next the attacker gets administrator access to a software supply chain of the enterprise. Finally the attacker injects a backdoor into a built artifact and steals confidential information or digital assets from the enterprise, or even worse from customers.

A critical attack surface here is the administrator of the software supply chain. Confidential Containers is an open source project to protect containers from administrators by using trusted execution environments (TEEs). It protects a Kubernetes pod from a cluster administrator by running the pod inside of a TEE and validating the pod by remote attestation.

This talk presents a use case of Confidential Containers to protect a Tekton task. You will understand how Confidential Containers protects a task and artifacts even when the cluster administrator is compromised.

Speakers

Tatsushi Inagaki

Staff Research Scientist, IBM

Tatsushi is working on research to enhance the security of IBM Z. He contributed to various open source projects. He is recently contributing to Confidential Containers, which is a sandbox project of Cloud Native Computing Foundation.

Monday June 23, 2025 1:50pm - 2:10pm MDT
Bluebird Ballroom 3B

Audience Experience Level Advanced

2:25pm MDT

Securing the Software Supply Chain: Integrating OpenSSF Scorecard, Jenkins, and the Ortelius Project - Tracy Ragan, DeployHub, Inc

Monday June 23, 2025 2:25pm - 2:45pm MDT

Bluebird Ballroom 3B

As the number of software vulnerabilities grows, the need for robust, automated security practices in DevOps pipelines is more critical than ever. OpenSSF Scorecard, an initiative by the Open Source Security Foundation (OpenSSF), provides a framework for evaluating the security posture of open-source projects. Ortelius, an open-source platform and dashboard, builds on this foundation by offering continuous vulnerability tracking and management, integrating with tools like OpenSSF Scorecard and OSV.dev.

Adding to this ecosystem, Jenkins plays a pivotal role as a CI/CD powerhouse, making it an ideal candidate for advancing continuous vulnerability management. In this talk, we’ll explore how integrating Ortelius and OpenSSF Scorecard into Jenkins pipelines empowers teams to automate vulnerability scanning, track security metrics, and respond to threats more efficiently. Attendees will learn how to leverage these tools together to create a secure and automated development lifecycle.

Speakers

Tracy Ragan

CEO, DeployHub, Inc.

Tracy is a recognized expert in software supply chain security and DevSecOps, specializing in managing complex, decoupled architectures. She is the CEO of DeployHub, a scalable continuous vulnerability management platform that empowers software to 'self-heal' by automatically applying... Read More →

Monday June 23, 2025 2:25pm - 2:45pm MDT
Bluebird Ballroom 3B

Audience Experience Level Intermediate

2:45pm MDT

Lock the Chef in the Kitchen: Enabling Accurate SBOMs Via Hermetic Builds - Adam Cmiel, Red Hat

Monday June 23, 2025 2:45pm - 3:05pm MDT

Bluebird Ballroom 3B

Imagine your source repository is a kitchen, and the CI task that builds your software is a chef cooking soup. Most attempts to obtain the list of ingredients for the soup will fall into one of two categories.

"Source SBOM" tools gather the list of ingredients by scanning the entire kitchen. There are some recipes and ingredients in the kitchen, but are all of them relevant? Are they correct and complete? What if the chef looks up the recipe online and then orders the missing ingredients?

"Analyzed SBOM" tools try to derive the list of ingredients from the finished soup. This is hard to do well, impossible when the ingredients dissolve completely. And the tool has no chance of knowing where the ingredients came from.

How about we do this: Select the right recipe(s) for the soup. Buy all the ingredients ourselves. Leave them in the kitchen and lock the chef in there until the meal is done. We now have a complete list of ingredients (or a failed soup), and we know where we got them.

Meet Hermeto, a tool that enables your CI pipeline to lock the chef in the kitchen!

Speakers

Adam Cmiel

Senior Software Engineer, Red Hat

I'm a software engineer at Red Hat. I work on Konflux, an open-source CI/CD system focused on supply chain security (that we also use internally at Red Hat to build and release products). I focus on enabling builds to be as secure as possible.

Monday June 23, 2025 2:45pm - 3:05pm MDT
Bluebird Ballroom 3B

Audience Experience Level Intermediate

3:35pm MDT

Reducing the Risk of Source Tampering With SLSA - Tom Hennen, Google

Monday June 23, 2025 3:35pm - 3:55pm MDT

Bluebird Ballroom 3B

In 2023 Supply-chain Levels for Software Artifacts (SLSA) was released. It provided a framework for protecting software from tampering within the CI/CD workflow from source to publication. Now it’s nearing completion of the SLSA Source Track which brings a similar level of assurance to the management of source code.

The Source Track addresses the threat of tampering with source code within the repository and allows malicious changes to source to be attributed to the actors that introduced those changes. In addition, it provides a framework for recording additional results about source revisions such as if a code review was performed or if the source was analyzed by SAST tools.

We’ll cover how this track can prevent attacks like the 2021 attack against PHP where malicious commits were added to the PHP repository and how it can be used to ensure additional controls (like code review) are implemented to protect against attacks like the recent one against xz. Finally we'll discuss how the source track can be implemented in existing source control systems by examining a proof-of-concept that enables Source Level 3 without specialized support from the source control platform.

Speakers

Tom Hennen

Senior Staff Software Engineer, Google

Tom is a Senior Staff Software Engineer at Google where he’s a UTL on the Software Supply Chain Integrity program. He’s responsible for securing the internal software supply chain, while limiting toil. His focus is ensuring interoperability, extensibility, and adoption of Google’s... Read More →

Monday June 23, 2025 3:35pm - 3:55pm MDT
Bluebird Ballroom 3B

Audience Experience Level Intermediate

3:55pm MDT

Securing OIDC Federation in CI/CD Workflows - Billy Lynch, Chainguard

Monday June 23, 2025 3:55pm - 4:15pm MDT

Bluebird Ballroom 3B

OIDC and workload identity are fantastic ways to improve the security of CI/CD workflows. They offer a mechanism to get rid of traditional long lived keys and access tokens, with many APIs offering ways to use these tokens across environments.

However, the security of identity federation is only as strong as the policies that back them. If used incorrectly, it can be exploited to gain access to sensitive resources and potentially compromise your supply chain to use your own CI/CD platform against you.

In this talk we'll do a deep dive on OIDC and identity federation. We'll look at some of the common risks that come while using it, and strategies to help secure your environment and define strong security policies.

Speakers

Billy Lynch

Staff Software Engineer, Chainguard

Billy is a staff software engineer at Chainguard, working on developer tools and securing software supply chains for everyone! He is a contributor and maintainer to the Sigstore, Tekton, and gittuf projects, and is the creator of gitsign. Prior to working at Chainguard, Billy worked... Read More →

Monday June 23, 2025 3:55pm - 4:15pm MDT
Bluebird Ballroom 3B

Audience Experience Level Intermediate

4:30pm MDT

How We Progressively Deliver Changes To Kubernetes Using Canary Deployments and Feature Flags - Bob Walker, Octopus Deploy

Monday June 23, 2025 4:30pm - 4:50pm MDT

Bluebird Ballroom 3B

This is the case study of how we changed how we ship software.

With thousands of customers, each in their own Kubernetes container, deploying updates was tough. Off-hours schedules meant it took over 24 hours to push a new version. If something broke, we had to scramble. Canary deployments let us update small groups of customers at a time. We built a tool to stop rollouts fast when issues appeared, limiting the damage.

In the past, new features went to everyone at once. Rolling back wasn't an option. If something failed it'd leave customers stuck in the mess. Now, using OpenFeature, we hide new functionality behind feature flags. We release features to small groups, gather feedback, and test internally for weeks. If things go wrong, we flip the flag off and move on.

This two-pronged approach lets us avoid risky big-bang releases. We went from deploying every 10 days to every 4, with fewer than 1% high-severity defects. Most of these are resolved before customers notice them.

Speakers

Bob Walker

Field CTO, Octopus Deploy

Bob Walker is a Field CTO Octopus Deploy. Bob started as a developer in the early days of .NET when web forms were the hottest new thing, and manual deployments were the norm. After one too many five-hour 2 AM Saturday deployments, he searched for any automation to stop that pain... Read More →

Monday June 23, 2025 4:30pm - 4:50pm MDT
Bluebird Ballroom 3B

Audience Experience Level Intermediate

4:50pm MDT

Session to be Announced

Monday June 23, 2025 4:50pm - 5:10pm MDT

Bluebird Ballroom 3B

Monday June 23, 2025 4:50pm - 5:10pm MDT
Bluebird Ballroom 3B

cdCon

11:00am MDT

Unleashing the Power of Mutation Testing: Supercharging Software Quality and Resilience - Emma Taylor, SciTec

Tuesday June 24, 2025 11:00am - 11:20am MDT

Bluebird Ballroom 3B

Mutation testing is a powerful technique used to assess the effectiveness of software tests by introducing small, deliberate changes (mutations) to the codebase. These mutations simulate common coding errors, offering a robust way to evaluate how well existing test suites can detect potential faults. This talk will explore the principles behind mutation testing, its applications in real-world development cycles, and its potential to uncover gaps in test coverage that traditional testing methods may miss. Attendees will learn about the core concepts, tools, and strategies for integrating mutation testing into CI/CD workflow, as well as the challenges and best practices for maximizing its benefits. Whether you’re looking to improve the robustness of your tests or dive deeper into software quality assurance, this session will provide valuable insights into how mutation testing can take your software’s reliability to the next level.

Speakers

Emma Taylor

Software Engineer, SciTec

Emma Taylor is a Full-Stack Developer with a BS in Computer Science and Electrical Engineering, specializing in scalable, high-performance systems. Skilled in Java, C/C++, Docker, and microservices, she uses mutation testing to enhance code quality and identify test coverage gaps... Read More →

Tuesday June 24, 2025 11:00am - 11:20am MDT
Bluebird Ballroom 3B

Audience Experience Level Beginner

11:20am MDT

CD Demands Continuous Testing: Why We Built a Testing Platform Layer on ECS Using Spinnaker - Jaime G. O'Byrne, JPMorgan Chase and Co

Tuesday June 24, 2025 11:20am - 11:40am MDT

Bluebird Ballroom 3B

Functional tests are not just an idealist luxury – at JPMorgan, they’re compulsory. Since designating Spinnaker as the strategic deployment tool for all public cloud deployments, users who were able to easily run tests using closures in our firm’s Jenkins offering were now finding themselves without a run-context. Where are your tests supposed to run when your deployment tool is now a distributed system?
From “bring your own environment” to “we will run all the firm’s tests on our infrastructure” - this talk will walk through some of the challenges, design decisions, tradeoffs, and general wrangling of complexity that comes from operating a distributed system like Spinnaker, in a highly regulated environment to support continuous testing on the cloud.

Speakers

Jaime OByrne

Senior Associate Software Engineer, JPMorgan Chase and Co

Salvadoran immigrant, Husband, Father of two. Early-Mid career Software Engineer and enthusiast of all things CD and automation.

Tuesday June 24, 2025 11:20am - 11:40am MDT
Bluebird Ballroom 3B

Audience Experience Level Intermediate

11:55am MDT

Who Are You Building For: Pipelines Have a Purpose - Andrew McNamara & Julen Landa Alustiza, Red Hat

Tuesday June 24, 2025 11:55am - 12:15pm MDT

Bluebird Ballroom 3B

Software is built for a purpose. The same property applies to build platforms!

We will show you how we are leveraging Tekton and Tekton Chains at Red Hat to create a build platform that meets developers where they are at. Developers start with the pipeline defined in their git repository – free for them to modify and update on their terms, with Tekton tasks ready to scan artifacts for vulnerabilities and Renovate pre-configured to help keep dependencies up to date.

This platform helps make sure that the artifacts are going somewhere. Using the detailed SLSA Provenance generated by Tekton Chains, the build platform enables policy driven development. Developers can see in their PRs whether they are on track to meet the target’s requirements – whether it is pushing to a development or production environment. Gone are the days saying “I didn’t know I had to do that!”

We won’t send the artifacts just anywhere, however, as we can tailor policies to ensure that you are meeting all of the requirements. The platform can inspect the provenance to ensure that artifacts are built using trusted steps and all required checks are good for takeoff!

Speakers

Andrew McNamara

Engineer, Red Hat

Andrew McNamara is passionate about usable CI/CD, security, and DevSecOps, drawing from his experience of building and shipping containerized software at IBM and Red Hat. As a SLSA maintainer, Andrew is helping people identify how to approach and understand supply chain security... Read More →

Julen Landa Alustiza

Ansible Delivery Pipelines Architect, Red Hat

I am an Open Source enthusiast currently working for Red Hat as Ansible Delivery Pipelines techincal lead.

Tuesday June 24, 2025 11:55am - 12:15pm MDT
Bluebird Ballroom 3B

Audience Experience Level Beginner

12:15pm MDT

Standardizing CI/CD Observability: Insights From the OpenTelemetry CI/CD SIG - Dotan Horovits, AWS

Tuesday June 24, 2025 12:15pm - 12:35pm MDT

Bluebird Ballroom 3B

We all know that observability is a must-have for operating systems in production. But we often neglect our own backyard - our software release process. As a result, we also lack standardization, and each CI/CD tool invent its own way of reporting about pipeline runs, which causes fragmentation, lock-in and difficulty to leverage existing observability tools.

We've been talking about the need for a common "language" for reporting and observing CI/CD pipelines for years, and finally, we see the first "words" of this language entering the "dictionary" of observability - the OpenTelemetry open specification and semantic conventions. On this talk the OTel CI/CD SIG leads will share the need, and the work of the SIG.

Join us to learn about this new SIG, its role, the milestones achieved and roadmap ahead. The talk will also discuss the alignment with adjacent open source communities such as the CDF's Jenkins and CDEvents and the Eiffel community.

Speakers

Dotan Horovits

Sr. Developer Advocate for OpenSearch, AWS

Horovits is an international speaker and thought leader, as well as a CNCF Ambassador, and host of the popular OpenObservability Talks podcast. With over 20 years in the tech industry he brings a wealth of knowledge in cloud and cloud-native solutions, DevOps practices and more... Read More →

Tuesday June 24, 2025 12:15pm - 12:35pm MDT
Bluebird Ballroom 3B

Audience Experience Level Advanced

2:10pm MDT

Your Deployments Are Lying. AI Knows - Seema Saharan, Autodesk & Aditya Soni, Forrester Research

Tuesday June 24, 2025 2:10pm - 2:30pm MDT

Bluebird Ballroom 3B

Is your CI/CD pipeline giving you a green light when, in reality, something's lurking in the shadows? Traditional monitoring tools often miss the subtle failures that could silently impact your users. While your pipeline may say all systems go, AI sees the truth behind the curtain.
In this talk, we’ll unveil how AI can catch those hidden deployment issues that your traditional monitoring tools overlook, providing real-time, actionable insights into your Kubernetes environments.

Here’s what we’ll cover:
1. Identify deployment issues missed by traditional monitoring tools with insights from AI
2. Leverage AI to analyze logs, metrics, and traces for early problem detection.
3. Watch how AI automatically correlates data to resolve issues in real time.
By the end of this talk, you’ll gain the knowledge to integrate AI-powered observability into your CI/CD pipelines, enabling you to catch hidden problems early and deploy with confidence.

Speakers

Seema Saharan

Site Reliability Engineer, CNCF Ambassador, Autodesk

Meet Seema, the tech whiz at Autodesk. She's not just about fixing things – she loves sharing what she knows! Whether speaking at cool events like KubeCon NA, KubeDay, GitLab Commit, and GitHub Universe or breaking down tech on her YouTube channel, Seema makes the complicated stuff... Read More →

Aditya Soni

CNCF Ambassador, DevOps/SRE, Forrester Research

Aditya Soni is a DevOps/SRE tech professional He worked with Product and Service based companies including Red Hat, Searce, and is currently positioned at Forrester Research as a DevOps Engineer II. He holds AWS, GCP, Azure, RedHat, and Kubernetes Certifications.He is a CNCF Ambassador... Read More →

Tuesday June 24, 2025 2:10pm - 2:30pm MDT
Bluebird Ballroom 3B

Audience Experience Level Any

2:30pm MDT

Intelligent CI/CD Pipelines: Leveraging AI/ML for Predictive Failure Detection - Aishwarya Sharma, Amdocs; Anindita Tripathy, VMWare; Shubham Parasher, Dream11

Tuesday June 24, 2025 2:30pm - 2:50pm MDT

Bluebird Ballroom 3B

Modern CI/CD Pipelines generate vast amounts of build, test, and deployment data- making it challenging to detect issues before they impact production. In this session, we explore how AI and ML can transform your CI/CD process by predicting failures before they occur. You'll learn how to collect and process pipeline data(logs, test outcomes, resource metrics) to train models that detect subtle patterns indicative of future failures. This talk covers practical strategies for feature engineering, model integration using popular open source tools, and real-world case studies that demonstrate reduced downtime and optimised testing. Attendees will leave with a clear, actionable roadmap for embedding predictive analytics into their pipelines to drive proactive, resilient software delivery

Speakers

Aishwarya Sharma

DevOps Specialist, Amdocs

Aishwarya Sharma is a DevOps specialist with a passion for leveraging open source technologies to optimise CI/Cd pipelines and cloud operations. With expertise in integration AI/ML for predictive analytics, she empowers teams to enhance software deliver efficiently and resilience... Read More →

Anindita Tripathy

SRE, VMWare

Anindita Tripathy is working as SRE in VMWare, specialised in building, deploying, and maintaining cloud-based infrastructure and CI/CD pipelines. She has deep passion for optimizing workflows, ensuring high availability, and fostering collaboration between development and operations... Read More →

Shubham Parasher

Product Manager, Dream11

Shubham parasher is a product manager renowned for his expertise in managing products, cloud infrastructure and kubernetes solutions. Shubham has made significant contributions to the tech industry, particularly within the domain of fantasy sports and gaming platforms. Currently working... Read More →

Tuesday June 24, 2025 2:30pm - 2:50pm MDT
Bluebird Ballroom 3B

Audience Experience Level Any

3:05pm MDT

Transforming Software Development and Engineering Velocity at EBay With AI/ML in CI/CD - Aravind Kannan, eBay Inc. & Sanmeet Shikh, eBAy

Tuesday June 24, 2025 3:05pm - 3:25pm MDT

Bluebird Ballroom 3B

In today's digital landscape, rapid and reliable software delivery is crucial. Join us to explore how eBay has integrated AI and ML into its Continuous Integration and Continuous Deployment (CI/CD) processes, revolutionizing software development at scale.

We will share insights from eBay's "Engineering Velocity" initiative, detailing how our AI and ML powered CI/CD platform helped our engineers in achieving a 23% increase in software releases and a 10% reduction in production bugs.

This session will cover:

* The strategic implementation of AI and ML in CI/CD to enhance efficiency and quality.
* Real-world examples of how AI-driven insights and automation have streamlined our software development, review, testing, debugging and delivery process.
* Key challenges and lessons learned in integrating AI and ML technologies into the CI/CD platform.
* Future trends and opportunities in AI and ML for CI/CD.

Whether you're an engineering leader, developer, or DevOps practitioner, gain insights and strategies to leverage AI and ML for faster, more reliable software delivery.

Speakers

Aravind Kannan

Director, Software Engineering, eBay Inc.

Aravind Kannan leads eBay's transformative Engineering Velocity initiative, responsible for driving improvements in software development and delivery platforms and processes across the organization. He is committed to empowering engineers to deliver value to customers faster, easier... Read More →

Sanmeet Shikh

Sr. MTS Software Engineer, eBAy

Technical Lead for CI/CD platform at eBay

Tuesday June 24, 2025 3:05pm - 3:25pm MDT
Bluebird Ballroom 3B

Audience Experience Level Any

3:25pm MDT

Lightning Talk: Paved Paths, Not Potholes: Simplifying Multi-Tenancy in Internal Platforms - Faeka Ansari, Akuity, Inc.

Tuesday June 24, 2025 3:25pm - 3:35pm MDT

Bluebird Ballroom 3B

Internal developer platforms can make or break developer productivity. Many organizations struggle to balance scalability, flexibility, and usability when building these internal platforms, especially in multi-tenant environments. Yet, designing streamlined workflows that balance governance with developer autonomy often feels like navigating pothole-filled roads. In this talk, I will explore real-world lessons and open source tools from building GitOps-driven paved paths that simplify complex multi-environment workflows.

Learn how declarative principles, automated pipelines, and GitOps practices can transform developer frustration into delight. Whether you're improving namespace management, scaling day 2 operations, or accelerating platform adoption, this talk should leave you with usable tools and fresh ideas for your platform engineering journey.

Speakers

Faeka Ansari

Kubernetes Sub-Project Maintainer | Kargo Maintainer | CNCF Ambassador, Akuity, Inc.

Faeka Ansari is a sub-project maintainer for Kubernetes and a key maintainer of the Kargo project. With expertise in designing & optimizing Kubernetes controllers, she specializes in streamlining workflows and improving developer experience. She has previously contributed to cloud-native... Read More →

Tuesday June 24, 2025 3:25pm - 3:35pm MDT
Bluebird Ballroom 3B

Audience Experience Level Any

3:35pm MDT

Lightning Talk: Shift Left With AI: Smarter Code Reviews for DevOps Acceleration - Vaibhav Tupe, Equinix

Tuesday June 24, 2025 3:35pm - 3:45pm MDT

Bluebird Ballroom 3B

In the fast-paced world of CI/CD, traditional code reviews can become a bottleneck, slowing down development and introducing risks due to human errors or inconsistencies. What if you could have an AI-powered assistant that reviews your code in real-time, providing actionable insights, detecting security vulnerabilities, and ensuring compliance—all while integrating seamlessly into your DevOps pipeline?

This session explores how Generative AI is transforming code reviews in CI/CD environments. We will dive into how AI-driven assistants can enhance developer productivity, improve code quality, and automate security and compliance checks.

We will cover:
The challenges of traditional code reviews in modern CI/CD workflows
How Generative AI enhances automated code reviews for speed and accuracy
Real-world use cases and best practices for integrating AI-powered code review assistants into your pipelines
The impact of AI on security, compliance, and developer experience
By the end of this session, you’ll understand how to leverage AI to make your CI/CD pipelines smarter, faster, and more secure—reducing friction in your development lifecycle while ensuring high-quality code.

Speakers

Vaibhav Tupe

Tech Lead, Equinix

Vaibhav Tupe is a distinguished Technology Advisory Board Member and Engineering Leader specializing in cybersecurity, cloud, and AI-ready data center infrastructure. With over 13 years of experience, he currently serves as a Technology Leader at Equinix USA, where he drives high-performance... Read More →

Tuesday June 24, 2025 3:35pm - 3:45pm MDT
Bluebird Ballroom 3B

Audience Experience Level Beginner

4:20pm MDT

Session to be Announced

Tuesday June 24, 2025 4:20pm - 5:00pm MDT

Bluebird Ballroom 3B

Tuesday June 24, 2025 4:20pm - 5:00pm MDT
Bluebird Ballroom 3B

cdCon

11:00am MDT

From CDEvents To Actions: Designing the Workflow Conductor - Dadisi Sanyika & Ben Powell, Apple

Wednesday June 25, 2025 11:00am - 11:20am MDT

Bluebird Ballroom 3B

The CDEvents specification has been around for some time but what are "we" doing with it? This talk peels back the layers of our journey from CDEvents to the engineering design of a "Workflow Conductor". We will examine how specific events can be translated into actionable steps, enabling the Workflow Conductor to manage and coordinate diverse CI/CD tools. The focus will be on how the declaration of intent is tracked across tools, maintaining a consistent and auditable process. Join us to discover the technical underpinnings of this system and learn how it can transform your software delivery pipeline.

Speakers

Dadisi Sanyika

CDF Board Chair, Spinnaker TOC, Engineering Manage, Apple, Inc.

I am Board Chair for the Continuous Delivery Foundation (Linux sub-foundation) and lead a team of engineers at Apple dedicated to improving the Continuous Deployment experience for teams and the community. Our contributions are focused on extending scalability and multi-tenant capabilities... Read More →

Ben Powell

Software Engineer, Apple

Ben is a software engineer at Apple for the Spinnaker team with previous experience at AWS for the AWS SDK and ECS team. He has contributed to various different tools, services, and proposals through the years, governs the Cloud SIG for Spinnaker, and is an active participant for... Read More →

Wednesday June 25, 2025 11:00am - 11:20am MDT
Bluebird Ballroom 3B

Audience Experience Level Intermediate

11:20am MDT

Event Provenance Registry: Continuous Delivery Events for the Electric Sheep - Brett Smith, SAS Institute, Inc.

Wednesday June 25, 2025 11:20am - 11:40am MDT

Bluebird Ballroom 3B

What if you got a second chance to build an Event Driven Provenance service? In this talk I will cover the decision to start over, rewrite, and Open Source the Event Driven system we built in house. In the process of covering the things we changed and the things we kept I tell a few war stories. Add in what needed to be improved and what we left behind. I will talk about our involvement in the CD Foundation and how the new system can leverage CDEvents and help with SBOM storage and retrieval. Demo and Discussion included dependent on time allotment.

Speakers

Brett Smith

Distinguished Software Developer, SAS Institute, Inc.

Software Architect/Engineer/Developer with 25+ years of experience. Specialties: Event Driven Automation, Continuous Integration/Delivery/Testing/Deployment, Supply Chain Security Expertise: Linux, packaging, and tool design. Currently Engineering and Securing the Supply Chain... Read More →

Wednesday June 25, 2025 11:20am - 11:40am MDT
Bluebird Ballroom 3B

Audience Experience Level Any

11:55am MDT

Navigating Compliance: What Developers Can Learn From Driving - Kadi McKean & Charlie Jones, ReversingLabs

Wednesday June 25, 2025 11:55am - 12:15pm MDT

Bluebird Ballroom 3B

When driving on a highway, you have to follow the rules of the road—some apply to everyone, while others only apply to commercial drivers. Open source maintainers and software publishers face a similar divide regarding regulatory compliance.

While software manufacturers must meet extensive legal and security obligations, open source maintainers often assume these regulations do not apply directly to them—but do they? In this talk, we’ll separate fact from fiction by breaking down what rules like the EU Cyber Resilience Act require from maintainers versus software vendors.

We’ll explore the limited enforceable obligations for open source projects, including secure development policies and vulnerability reporting, and discuss when (if ever) these rules impact maintainers. By understanding these distinctions, open source contributors can make informed decisions about risk, responsibility, and collaboration with commercial software teams—without unnecessary compliance burdens.

Speakers

Kadi McKean

Community Manager, ReversingLabs

Kadi is passionate about the DevOps / DevSecOps community since her days of working with COBOL development and Mainframe solutions. At ReversingLabs she collaborates with developers and security researchers to help entities prioritize their open source risk, reduce technical debt... Read More →

Charlie Jones

Director of Product Management, ReversingLabs

Charlie is currently a Director of Product Management and subject matter expert in cybersecurity and digital trust. Charlie has 10 years experience delivering strategic transformation initiatives, specializing in cybersecurity, TPRM, and regulatory compliance for Fortune 100 financial... Read More →

Wednesday June 25, 2025 11:55am - 12:15pm MDT
Bluebird Ballroom 3B

Audience Experience Level Any

12:25pm MDT

Lightning Talk: It's Friday! - Alon Nisser, Zencity

Wednesday June 25, 2025 12:25pm - 12:35pm MDT

Bluebird Ballroom 3B

It's Friday afternoon, and you've got plans for this evening. You've just finished the feature. you push to master, and click deploy. OR DO YOU? let's talk about Friday deployments and what they can teach us. A candid talk about CI/CD as an unfinished journey.

Speakers

Alon Nisser

Principal engineer Zencity, Zencity

Software developer. currently in Zencity.io. Writing software as a hobby and as a profession. Strong opinions on things. Open source aficionado. Trying to make a difference.Sometimes software makes we wonder if I'd be better off being a farmer

Wednesday June 25, 2025 12:25pm - 12:35pm MDT
Bluebird Ballroom 3B

Audience Experience Level Intermediate

2:10pm MDT

Managing Resources To Lower Costs - Mark Waite, CloudBees & Melissa McKay, JFrog

Wednesday June 25, 2025 2:10pm - 2:30pm MDT

Bluebird Ballroom 3B

Do you have a closet that’s overflowing? In order to accommodate your favorite latest wardrobe styles (and to avoid a closet clutter disaster), you might need to let go of those jeans two sizes too small or… gasp! … prune your conference t-shirt collection to a reasonable number.

In the CI/CD world, cleaning out your closet translates in part to activities like pruning artifact repos and limiting bandwidth usage appropriately. Businesses are incessantly looking for ways to trim the fat for leaner, healthier bottom lines, and DevOps operational infrastructure can be a clutter hotspot when it comes to resource expense.

Learn how the Jenkins project has reduced costs with more effective management of its operational resources. We’ll share techniques that we’ve used to identify costs, reallocate resources to reduce those costs, and adapt to changing environments. The Jenkins closet is looking better than ever!

Speakers

Mark Waite

Manager, CloudBees

Mark is a member of the Jenkins governance board, maintainer of the Jenkins git plugin, and a long-time contributor to continuous integration and continuous delivery topics.

Melissa McKay

Head of Developer Relations, JFrog

Melissa is passionate about Java, DevOps and Continuous Delivery. She is currently Head of Developer Relations for JFrog and a member of the Technical Steering Committee of the Open Platform for Enterprise AI (OPEA). Melissa has been recognized as a Java Champion and a Docker Captain... Read More →

Wednesday June 25, 2025 2:10pm - 2:30pm MDT
Bluebird Ballroom 3B

Audience Experience Level Intermediate

2:30pm MDT

"The Missing Role: Why Platform Teams Need Design Leadership” - Luis Queral, The New York Times

Wednesday June 25, 2025 2:30pm - 2:50pm MDT

Bluebird Ballroom 3B

When you think about the role of "design" on an infrastructure team, it's common to think about slicker interfaces or nicer branding. While that might be true, the impact of design-thinking can go far deeper.

In this talk, we'll walk through an unlikely collaboration between our platform engineers and product designers and how this partnership has enabled deep, strategic change from the bottom up.

We'll talk about how we went from "building a technology" to "building a product", allowing us to both increase adoption to our platform and improve our overall product across a balanced mix of developer needs and business asks -- all without sacrificing platform reliability or quality.

We’ll also share tips on how to bring this kind of thinking to your platform team, with or without dedicated designers.

Speakers

Luis Queral

Senior Product Designer, The New York Times

Luis Queral is a software designer and artist based in Baltimore, MD. He works for the New York Times helping lead design efforts on their infrastructure team. He is frequently, and deliberately out of his element and enjoys driving the design strategy of complex software projects... Read More →

Wednesday June 25, 2025 2:30pm - 2:50pm MDT
Bluebird Ballroom 3B

Audience Experience Level Any

3:05pm MDT

Session to be Announced

Wednesday June 25, 2025 3:05pm - 3:45pm MDT

Bluebird Ballroom 3B

Wednesday June 25, 2025 3:05pm - 3:45pm MDT
Bluebird Ballroom 3B

cdCon

4:20pm MDT

cdCon Closing & Award Ceremony

Wednesday June 25, 2025 4:20pm - 5:00pm MDT

Bluebird Ballroom 3B

Wednesday June 25, 2025 4:20pm - 5:00pm MDT
Bluebird Ballroom 3B

cdCon