November 27, 2024
Agenda
- Securing software supply chains with SBOMs: what, how, why?
- Q4 roadmap check-in
- WasmCon + KubeCon session playlists now live!
Meeting Notes
First up, welcome Sudhanshu Pandey to the wasmCloud Community; we met Sudhanshu in Salt Lake City. He is the founder of Kismet and a Software Engineer with an M.S. in Computer Science from NYU, specializing in full-stack development and AI. He is currently learning Rust and is interested in getting more involved in the wasmCloud community. Great to see you here!
Thanks also to Florian and Massoud for your ongoing support and contributions to the wasmCloud project and community. We can't thank you enough for what you do for our community.
Securing software supply chains with SBOMs: what, how, why?
- We’re thinking more deeply about how to secure our software supply chains with SBOMs, and Brooks takes us through how we do this in wasmCloud. Check out the handy post on the blog on the subject. In his walkthrough, Brooks explains that there has been a ton of work in this area revolving around the idea of tracing a binary back to the original versions of the source libraries used to build it. This matters because, when a vulnerability is found in a library, an SBOM is what lets you identify which deployed artifacts and infrastructure rely on that library (matched by its CPE) and need attention.
- Wasm is different from containers, so the approach is a little different. We've pulled together a post that explains these differences and shows how to create an SBOM in wasmCloud with tools like syft and grype.
- You can create an SBOM for components and capabilities alike.
- Q: Are you defining the use cases? A: This is very much defined by the user. What we're seeing is that the enterprises with the security infrastructure that makes an SBOM a requirement already have the existing processes to handle it. The wasmCloud Policy Service (pluggable policy that adds further constraints) is the natural integration point in some use cases.
- Check out the recording for the full discussion.
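To make the "why" concrete: the value of an SBOM is that, once an advisory lands, you can match it against every deployed artifact's SBOM and see exactly which ones pull in the affected library version. The script below is an added example written for these notes, not wasmCloud project tooling or the output of the blog post's syft/grype workflow. It assumes two small CycloneDX-style SBOM documents (one for a component, one for a capability provider) and a tiny advisory list; the crate names, versions and advisory IDs are all constructed for the example and describe no real packages or vulnerabilities. Matching is done on the package URL (purl) that SBOM generators attach to each component, with the advisory's affected range taken as [introduced, fixed).

```python
"""Match CycloneDX SBOMs of deployed artifacts against a list of advisories.

Example code added to these meeting notes; not wasmCloud project tooling.
The SBOMs, crate names and advisory IDs below are constructed for the
example and do not describe real packages or real vulnerabilities.
"""
import json
from typing import Dict, List, Tuple

Version = Tuple[int, ...]

# Constructed CycloneDX-style SBOMs, one per deployed artifact (a component and a
# capability provider). Only the fields the matcher needs are included.
SBOM_COMPONENT = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "metadata": {"component": {"name": "http-hello-world", "version": "0.1.0"}},
    "components": [
        {"name": "example-parser", "version": "1.2.0", "purl": "pkg:cargo/example-parser@1.2.0"},
        {"name": "example-http", "version": "0.9.1", "purl": "pkg:cargo/example-http@0.9.1"},
    ],
})
SBOM_PROVIDER = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "metadata": {"component": {"name": "keyvalue-redis", "version": "0.28.0"}},
    "components": [
        {"name": "example-parser", "version": "1.3.0", "purl": "pkg:cargo/example-parser@1.3.0"},
        {"name": "example-redis", "version": "0.25.0", "purl": "pkg:cargo/example-redis@0.25.0"},
    ],
})

# Constructed advisories keyed on the package part of the purl (everything before '@').
# The affected range is [introduced, fixed), the usual advisory convention.
ADVISORIES = [
    {"id": "EXAMPLE-2024-0001", "package": "pkg:cargo/example-parser", "introduced": "1.0.0", "fixed": "1.3.0"},
    {"id": "EXAMPLE-2024-0002", "package": "pkg:cargo/example-redis", "introduced": "0.0.0", "fixed": "0.20.0"},
]


def parse_version(text: str) -> Version:
    """Turn '1.2.0' into (1, 2, 0); pre-release and build tags are dropped."""
    core = text.split("-")[0].split("+")[0]
    return tuple(int(part) for part in core.split("."))


def split_purl(purl: str) -> Tuple[str, str]:
    """'pkg:cargo/foo@1.2.0?type=crate' -> ('pkg:cargo/foo', '1.2.0').

    Qualifiers (after '?') and subpaths (after '#') are not part of the version.
    """
    base, _, rest = purl.partition("@")
    version = rest.split("?")[0].split("#")[0]
    return base, version


def load_sbom(text: str) -> Tuple[str, List[Tuple[str, str]]]:
    """Return the artifact name and the (package, version) pairs it was built from."""
    doc = json.loads(text)
    artifact = doc["metadata"]["component"]["name"]
    deps = []
    for comp in doc.get("components", []):
        purl = comp.get("purl")
        if purl:  # a component without a purl cannot be matched to an advisory
            deps.append(split_purl(purl))
    return artifact, deps


def is_affected(version: str, advisory: dict) -> bool:
    """True when version lies in the advisory's half-open [introduced, fixed) range."""
    v = parse_version(version)
    return parse_version(advisory["introduced"]) <= v < parse_version(advisory["fixed"])


def find_affected(sbom_texts: List[str], advisories: List[dict]) -> Dict[str, List[str]]:
    """Map advisory id -> deployed artifacts whose SBOM lists an affected package version."""
    hits: Dict[str, List[str]] = {}
    for text in sbom_texts:
        artifact, deps = load_sbom(text)
        for package, version in deps:
            for adv in advisories:
                if adv["package"] == package and is_affected(version, adv):
                    hits.setdefault(adv["id"], []).append(f"{artifact} ({package}@{version})")
    return {adv_id: sorted(artifacts) for adv_id, artifacts in hits.items()}


if __name__ == "__main__":
    for adv_id, artifacts in find_affected([SBOM_COMPONENT, SBOM_PROVIDER], ADVISORIES).items():
        print(adv_id, "->", ", ".join(artifacts))
```

Run on the two constructed SBOMs, only `http-hello-world` is reported: it was built against `example-parser@1.2.0`, which falls inside the advisory's range, while the provider's `example-parser@1.3.0` is the fixed version and its `example-redis@0.25.0` is above the second advisory's fixed version. The half-open range and the purl parsing are where real matchers most often go wrong, which is why both are separated into small, testable functions.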
Q4 roadmap check-in
- We’re making some great progress in the roadmap.
- The one feature in triage deserves a little more attention, so we’re focusing our energies there. Since adding component specifications in 1.0, we need to make sure we’re adding the correct scenarios and specs.
- On the ready-for-work front, there are a few issues that are perfect for beginners - small issues ideal for getting your feet wet.
- We also have a ton of features in progress, taken on by community members, which is awesome; thank you! There are already draft PRs for many of these: benchmarking suites, humantime vs milliseconds, and the Quickstart improvements, which are huge and well worth checking out. And much more. Click the link to see progress and get involved.
- There was a wide-ranging discussion amongst community members - review the recording below for more.
Catch up!
- Great news! The WasmCon + KubeCon session playlists are now live on YouTube! There are some fantastic examples of Wasm, and wasmCloud, being used in industry; perfect after-dinner viewing this Thanksgiving!
Finally, we'd like to wish our wonderful community a happy and peaceful Thanksgiving.