2026 Security Slam Opens to All Open Source Projects via CNCF and OpenSSF
Now in its fifth year, the 2026 Security Slam has expanded participation beyond CNCF projects to welcome all open source projects, running February 20 through March 20 with an awards ceremony at KubeCon Europe.
The Cloud Native Computing Foundation (CNCF) Technical Advisory Group for Security and Compliance has announced the return of the Security Slam for 2026, in partnership with OpenSSF and Sonatype. Now in its fifth year, the challenge has expanded significantly: where previous iterations were limited to CNCF-hosted projects, the 2026 edition is open to all open source projects regardless of foundation affiliation.
What Is the Security Slam
The Security Slam is a 30-day structured challenge designed to help open source projects understand and improve their overall security posture. The 2026 edition runs from February 20 through March 20, 2026. Participating projects work through a set of security hygiene milestones calibrated to their maturity level, using OpenSSF tools and frameworks as practical guides.
The expansion to all projects is made possible by the new LFX Insights dashboard, which enables broader project evaluation beyond the tooling previously available only within the CNCF ecosystem.
Support and Recognition
CNCF TAG Security and Compliance is providing a library of support resources to help projects work through more complex goals. Dedicated advisors are available throughout the month via a CNCF Slack channel, and participating projects that achieve milestones will receive custom plaques recognizing their security improvements.
An awards ceremony is scheduled for the KubeCon + CloudNativeCon Europe Project Pavilion Stage on March 26, 2026, where participant achievements will be publicly recognized.
Why It Matters
Open source supply chain security has become one of the most scrutinized areas in enterprise software following high-profile incidents in recent years. Initiatives like the Security Slam provide structured, low-barrier entry points for maintainers to systematically address known security gaps — from dependency management and vulnerability disclosure policies through to SBOM generation and signing. With participation now open broadly, the 2026 edition has the potential to produce measurable security improvements across a significantly larger portion of the open source ecosystem.