How to contribute to the KubeClarity open source supply chain security project

If you have been following the "Lean Into Software Supply Chain Security with KubeClarity series," you know that KubeClarity is an open-source project that offers powerful software supply chain security capabilities for assessing container security, Kubernetes clusters' security, and compliance. 

But you don’t have to stand on the sidelines. By contributing to this exciting project, you can actively participate in its development, improve its features, and contribute to the wider Kubernetes community. In this concluding blog post, I will guide you through the process of getting involved and making impactful contributions to KubeClarity and its supply chain security features.

KubeClarity project highlights: Enhancing supply chain security

How is KubeClarity making supply chain security better through its vulnerability scanning features? Let's start with a quick summary of the KubeClarity project highlights:

1. Multi-Stage discovery of SBOMs and vulnerabilities: KubeClarity provides a holistic view of your software development lifecycle by enabling the discovery of SBOM and vulnerabilities at every stage of the CI/CD pipeline. This comprehensive approach provides a complete picture of your software supply chain security, enabling proactive risk management and mitigation of your containerized applications.
2. Don't bet on one analyzer or scanner: KubeClarity understands the importance of diverse scanning capabilities. It allows you to leverage multiple analyzers and vulnerability scanners, giving you the advantage of different detection techniques and increasing the overall detection percentage. By tapping into a combination of analyzers and scanners, you can maximize the effectiveness of your vulnerability management strategy.
3. Suitable for cloud-native and serverless environments: KubeClarity is designed to cater to various deployment scenarios, including serverless architectures. It seamlessly integrates with various platforms, enabling you to perform runtime scans and vulnerability assessments in these environments. This ensures your applications and infrastructure are safeguarded against potential security vulnerabilities.

Reasons to get involved in the KubeClarity project

Unlock a world of possibilities by joining the KubeClarity open-source project, where numerous compelling reasons await your valuable contributions.

• First, by actively participating in its development, you can directly shape the project's future. You can take any special concerns you have about supply chain security and integrate that into the development process.
• Your contributions can enhance its functionality, improve performance, and add valuable features that benefit the entire community.
• Contributing to KubeClarity allows you to expand your skills and knowledge in Kubernetes security, gain practical experience with a real-world project, and collaborate with like-minded individuals passionate about open-source software.
• Your perspective and unique insights can help drive innovation and ensure that KubeClarity remains a valuable tool for vulnerability scanning and management in Kubernetes environments.
• The adversaries are getting smarter. Our only defense against adversaries is to join forces to form a community and leverage the power of the community for a better together defense strategy.
• By contributing to the project, you become part of a vibrant community, build connections and establish your reputation in the industry.

Contribute to our open source project in a variety of ways

It's important to remember that contributing to an open source project like KubeClarity goes beyond just code contributions. Various roles and opportunities are available based on your interests and skill set. Whether you have expertise in documentation, user experience design, testing, community engagement, or project management, there is a place for you to contribute. So, take the time to explore different areas within the project that align with your interests and start delving deeper. By finding your niche, you can make valuable contributions and impact the project's success. So don't hesitate to explore the diverse opportunities KubeClarity offers as an open source project, as shown in Figure-2 below.

How to contribute

Understand the KubeClarity supply chain security project

Start by familiarizing yourself with the KubeClarity project. Visit the official GitHub repository at the link to explore its documentation, source code, and existing issues. Gain a good understanding of the project's goals, architecture, and the features it offers. This blog series is a comprehensive source to learn the details and get up to speed on the internals of KubeClarity.

Set up your development environment

To contribute to KubeClarity, you'll need to set up a development environment on your local machine. Follow the repository's instructions to install the necessary dependencies and tools. Ensure that you have a working Kubernetes cluster to test your changes.

Explore existing issues

Visit the "Issues" section on the GitHub repository to identify open issues, bug reports, or feature requests. This is a great starting point to find areas where you can contribute. Look for issues that align with your interests, skills, and expertise.

Collaborate and communicate

Before working on a specific issue or feature, it's essential to communicate with the project maintainers and the community. Join the project's communication channels, such as the official Slack or mailing list, to connect with other contributors and seek guidance. Discuss your ideas, ask questions, and collaborate with the community to ensure alignment and avoid duplication of efforts.

Fork the repository

To begin contributing, fork the KubeClarity repository to your own GitHub account. This creates a copy of the project that you can freely modify and experiment with.

Make changes and submit a pull request

Create a new branch in your forked repository to work on your changes. Make the necessary modifications, add new features, or fix bugs following the project's best practices and coding guidelines. Once satisfied with your changes, submit a pull request to the main KubeClarity repository. Clearly describe the purpose of your changes, provide any relevant documentation or tests, and address any reviewer feedback promptly.

Collaborate and iterate

You can engage in the review process by responding to comments, addressing concerns, and improving your code based on feedback from the maintainers and reviewers. This iterative collaboration ensures your contribution aligns with the project's standards and objectives.

Celebrate your contribution

Once your pull request is approved and merged into the main repository, celebrate your contribution to the KubeClarity project! Your efforts have helped enhance the project's capabilities and contributed to the broader open source community.

Stay involved

More project-specific contribution guidelines can be found in the README. If you need additional pointers and a tutorial on getting started, this blog post is an excellent resource for getting started on open source projects.

Contributing to KubeClarity doesn't have to and shouldn't end with a single pull request. Continue engaging with the community, exploring new issues, and collaborating on enhancing the project on a continued basis. Join discussions, share your knowledge, and help other contributors foster a vibrant and inclusive open source community.

Roadmap

You can find the project-specific roadmap in the README. Review the roadmap and feel free to propose new additions or start chipping at some of the items in the roadmap. KubeClarity, like any other project, has the potential for continuous improvement and growth. We can nurture and transform the project into a thriving community by actively engaging and improving the roadmap.

Join the KubeClarity community on Slack

To get involved, you can join the KubeClarity community on Slack. Click to access the KubeClarity community: emergingtechcommunity.slack.com. 

It will enable you to connect with like-minded individuals and contribute to the development of KubeClarity. Together, we can foster a larger, more vibrant community for the project.

Improved supply chain security with KubeClarity: become a part of a new adventure

Getting involved in an open source project like KubeClarity provides a unique opportunity to learn, collaborate, and make a positive impact on a widely used technology. By following the steps outlined in this blog post, you can start contributing to KubeClarity and be part of a growing community, shaping the future of Kubernetes security and compliance. Join the KubeClarity project today and start on an exciting journey of open source contribution!

This marks the conclusion of the insightful "Lean into Software Supply Chain Security with KubeClarity" series. Thank you for your engagement and for tuning into the series. And I hope this journey has provided valuable insights and sparked your interest in exploring KubeClarity further. I eagerly await witnessing how you unleash the power of KubeClarity to strengthen software supply chain security. Cheers to a more secure future!

For more insight and research into emerging tech, subscribe to the Shift newsletter.

Pallavi Kalapatapu is a Principal Engineer and open-source advocate in Cisco’s Emerging Technology & Incubation organization, now Outshift.