TL;DR overview
- This post recaps Sonar's participation and key takeaways from KubeCon 2022, the leading conference for Kubernetes and cloud-native technology practitioners.
- Highlights include community conversations around Kubernetes security practices, infrastructure-as-code quality, and the growing role of static analysis in cloud-native DevSecOps workflows.
- The event reinforced the demand for code quality and security tooling that integrates natively with Kubernetes and container-based CI/CD pipelines, aligning with Sonar's direction in supporting cloud-native development teams.
- Themes from KubeCon 2022 reflected broader industry trends around supply chain security, shift-left practices, and developer-led security that remain central to SonarQube's product focus.
Welcome to Detroit!
SonarSource attended our first KubeCon from Oct. 25-28. The event was located in Detroit and hosted by the Cloud Native Computing Foundation (CNCF) which is part of the Linux Foundation. It was obvious that the city was in full support of the show as the event staff was very welcoming and attentive. I had not personally been to Detroit before and it was interesting getting to know the downtown vibe.
As events go, this was on the larger side with over 7k attendees and more than 300 sponsors. Because it was our first time at KubeCon we kept things simple. We took a base squad of myself (marketing) and our product manager responsible for security.
Folks Still Love Sonar
As always, several existing users dropped by the booth to say hello and check out our new branding. It’s always fun and rewarding to hear about how folks are integrating Sonar into their workflows and churning out some cool applications.
Behold the Home of Code Quality!
We were there to showcase our support for cloud native and IaC technologies. Over the past year, we’ve quietly innovated and added a bunch of new rules to support CloudFormation, Terraform, Kubernetes and serverless functions.
Cloud Native Solves Traditional Challenges; It Also Comes with Challenges
Overall, there was a lot of excitement and a positive ‘hum’ about cloud native and the benefits it’s delivering to the developer and DevOps world. We noted a couple of recurring themes that stood out to us over the course of the event.
- Cloud native is removing blockers and allowing teams to achieve cool things in new ways.
- Security is very top of mind for DevOps teams. This need comes from several domains: the cloud native apps themselves, the infrastructure(s) and the packaging/deployment side.
- There are a lot of vendors in this space right now. This is to be expected as cloud native is still relatively new and growing. There are some established companies bringing solutions as well as new entrants with very focused value propositions e.g., observability. Certainly, there will be some consolidation down the road and it will be interesting to see how things play out.
On Thursday, everyone could take part in an evening celebration that featured a ballroom with games and a DJ, a beer tent, dinner with a 360 view from the 25th floor and a river boat with gambling for fun!
The Sonar attendees taking in the riverboat views
That’s a Wrap!
All in all, we had a great time learning about how cloud native technologies are advancing application development and ushering in a disruptive, new era. The CNCF did a great job bringing everyone together for a week of sharing, discussion and communication.
PS - the Parallel Reality tech at the Detroit Airport Delta hub is pretty cool!
Detailed flight info for the author’s eyes only!
Thanks for reading and happy, clean, cloud native coding!
Pick a topic to discover more: