Underneath The CNCF Tech Radar

October 23, 2022 by Jay Cuthrell

Share and discuss on LinkedIn or HN

Music: Underworld - Underneath The Radar (1988)

Getting Informed

The Cloud Native Computing Foundation (CNCF) was formed in 2015 by 22 supporting member companies.1 At launch, the mission statement was “to create and drive the adoption of a new computing paradigm that is optimized for modern distributed systems environments“. 2

Today, the CNCF mission is, according to their charter, “to make cloud native computing ubiquitous”.3 In addition, there are now 23 “Platinum” supporting companies, 27 “Gold” supporting companies, 659 “Silver” supporting companies, 103 “End User” supporting companies, 21 “Non-profit” members, and 4 “Academic” members — or ~837 member companies in total if you are looking for the big number.

CNCF produces a landscape of projects and members that, as of this post, represents a market cap of $18.9T and $54.2B in funding.4

The cloud native landscape… like Leon, is getting largerClearly, the landscape is a bit of an eye chart.

So, what’s new? In a word, as of this week, the observability company, Sidekick.

[Sidekick @RunSidekickSidekick #opensource is on #CNCF Landscape under the #Observability and Analysis Monitoring section!
Collect traces, exception stacks and generate logs on-demand without stopping & redeploying your applications 😎
go.thundra.io/3eLzLOj go.thundra.ioCloud Native LandscapeThe Cloud Native Landscape organizes all cloud native open source projects and proprietary products into categories, providing an overview of the current ecosystem](https://twitter.com/RunSidekick/status/1582718208607457282?s=20&t=YCXTBalJilXlmUTJL_jA3g)1:00 PM ∙ Oct 19, 2022No sign upon screen 🎶

You might have noted the Gartner Survey of 2203 CIOs findings this week.5

Represents $322B in spending across 81 countries
Respondents were grouped by increased investments (emphasis mine)
- cyber and information security (66%)
- business intelligence/data analytics (55%)
- cloud platforms (50%)
- artificial intelligence (32%)
- hyperautomation (24%)

When you think of cyber and information security you probably think SecOps and for cloud platforms, you probably think DevOps. So, let’s think of these as connected topics as applying both AI and automation as DevSecOps.

Get hip 🎶

So, let’s apply the findings using the lens of a CNCF End User Technology Radar for DevSecOps that was published this time last year.6

Curiously, the “Trial” radar range was a thin crop for September 2021.The Adopt list contains a few interesting DevSecOps references such as Istio and Open Policy Agent (OPA). The Assess list entries that caught my attention were Harness and Trivy.

The trial list only contains XRay which CNCF links to XRay (an Idera Company)7 which also turned out to be very popular for Atlassian Jira shops at the time of this radar publishing when I tried to understand the relevance to DevSecOps.

When I learned that XRay linked to in the Trial range was XRay, an Idera Company — not JFrog Xray8 the DevSecOps SCA toolset used with Artifactory in the Adopt range — I was confused. So, I’m not sure if this distinction was made clear in the radar methodology but I would suspect XRay (Idera) being linked to vs Xray (JFrog) might confuse more folks than just me.

Maybe I’m out of touch or maybe this just goes to show that common names for technologies, projects, products, and even companies can and will collide or become overloaded terms. Maybe… I should consider a pull request.9

Lastly, if the CNCF continues to publish radar findings year over year, the tracking of specific groups of technologies from assess to trial to adopt will be an even more valuable guide for the community. One possible consideration might be to enrich these radar findings with a stackshare.io 10 drift over time.

Steve McCroskey and Austin Millbarge multiverse memeSo what’s the next DevSecOps Adopt candidate set for 2023?