Open-Source

In the rapidly evolving landscape of AI and large language models (LLMs), the ability to connect these models to external tools and data sources is crucial for building powerful, automated applications. The Model Context Protocol (MCP) has emerged as a standard for this purpose, but its use also introduces new security challenges. This article explores how to work securely with third-party MCP servers, drawing insights from the recently released OWASP GenAI security cheatsheet. ...

AI is part of our daily life, and I’m not afraid to say that I’m using it regularly for personal tasks. Naturally, I keep and respect the confidentiality of data, and I use my knowledge to understand what AI is telling me back; AI without being driven the correct way can produce absolute garbage. Now I’m transitioning from chatbot to AI CLI usage. I’m a victim of Network Chuck’s enthusiasm, so I wanted to build my first AI agent for publishing content on my personal blog. See below how I did it in minutes. ...

On November 5th, 2025, a set of high-severity vulnerabilities in runc were publicly disclosed, allowing for full container breakouts. Runc is the cornerstone of containerization on Linux, serving as the default low-level container runtime for industry-standard tools like Docker, Podman, and Kubernetes. Its ubiquity means that a vulnerability in runc has far-reaching implications for the entire cloud-native ecosystem. This post summarizes the vulnerabilities, the affected versions, and the recommended actions to mitigate them. ...

This article is a follow-up to my previous post about the state of the External Secrets Operator project. Let’s start with the most important news: External Secrets Operator is set to resume releases on September 22!!! What changed More than 300 volunteers have signed up to contribute across organizations, far exceeding expectations and widening the pipeline of future Members, Reviewers, and Maintainers. Governance has been clarified with a formal Contribution Ladder and focused tracks (Core, Providers, CI, Testing), plus interim roles to spread the load and reduce burnout risk. ...

External Secrets Operator is a great FOSS project that, over the last few years, has gained traction in Kubernetes environments, becoming one of the standard security tools for managing and integrating Kubernetes secrets from external sources. ESO is an operator and can be installed in different ways, for example via HELM or the OpenShift Operator Catalog. Here’s their GitHub repo. A couple of weeks ago, the team raised a giant RED FLAG with the following announcement: ...

One of the pleasures of working with open-source software (OSS) and community-driven initiatives is the endless opportunities they offer. If you ever find yourself with “not enough” to do at work (yes, that’s ironic!), there’s always an easy way to take on something extra and meaningful. Contributing back to the community you’re part of is a wonderful way to express gratitude. After all, how could anyone be luckier than to give back to something they love? 😊 ...

Last week, I had the pleasure of attending KubeCon 2024 EU in Paris. I must begin by thanking SIGHUP for giving me the opportunity to participate in my second consecutive KubeCon, THANK YOU! I decided to write this post to encourage those who have never attended a large-scale event to give it a try! In this case, size matters! If you’re involved in the cloud native world as a client, developer, consultant, or major vendor you can’t miss it! Colleagues, clients, partners, competitors, maintainers of small projects, volunteer committees, and big corporations—they’re all there! ...

Hello there! As I mentioned before, I’ve always been a community person, and I’ve found a new way to contribute: during the first half of 2024, I’ll be one of the editors helping to curate content for KubeWeekly. KubeWeekly is a newsletter that delivers a curated selection of news, tweets, articles, and videos about Kubernetes and the CNCF landscape straight to your inbox. If you’d like to see what we’re working on or join the mailing list, please check out this page!

I’ll start with a premise for those who may not already be familiar: the open-source software ecosystem often revolves around foundations, with the most famous probably being the Linux Foundation. In the cloud-native domain, the reference foundation is the Cloud Native Computing Foundation, commonly known as CNCF. CNCF is a foundation created by the Linux Foundation in 2015, specifically to manage projects in the cloud-native domain. In simple terms, it can be defined as a third-party, vendor-neutral entity that oversees the development and activities related to major projects involving containerized technologies like Kubernetes. ...

During the past few weeks, I have described what a secrets manager is and provided an overview of the architecture and system requirements of CyberArk Conjur. A secrets manager can’t do its job if it can’t communicate with those who need to request secrets, and that’s where Conjur’s magic comes in! The “authenticators” are responsible for the authentication process in Conjur and are specialized to do this in the most secure way, depending on the service. Here is the list of authenticators currently supported: ...