CNCF End User Technology Radar: Insights into DevSecOps

CNCF end-user community gives recommendations for tools to use in the rapidly growing DevSecOps space


The CNCF end-user community has published a new guide to emerging technologies for security in the software development lifecycle, based on its members' experience. This is the sixth edition of the CNCF end-user technology radar, and the theme for this edition is DevSecOps.

Key Facts

  1. The CNCF end-user technology radar was introduced on the 12th of June, 2020.
  2. The CNCF end-user community consists of about 155 organizations or more that come together to use cloud native technologies for their products and services.
  3. This edition of the CNCF end-user technology radar is focused on integrating security at every phase of the software development lifecycle.
  4. This edition of the guide is also based on the three generally used key ideas: Adopt, Trial, and Assess or Hold.
  5. The technology team chose 21 companies to use 16 tools and submit data points on the tools.


The CNCF (Cloud Native Computing Foundation) end-user community launched a new initiative, the CNCF end-user technology radar, towards the end of Q2 2020. The initiative provides an opinionated guide to a set of emerging technologies. It aims to give technical audiences adequate knowledge of which solutions CNCF end users use, what they recommend, and how they use them.

The CNCF end-user community consists of about 155 companies and startups, including Airbnb, Twitter, and Capital One, that come together to discuss the challenges they face and best practices when adopting cloud native technology.

The CNCF end-user community has released six editions of the technology radar so far. The sixth and most recent edition was released on the 22nd of September, 2021, and focuses on DevSecOps. DevSecOps entails integrating security into software development as it moves from one phase to the next. It is an initiative that bridges the gap between DevOps and security while automating many security processes. The CNCF picked DevSecOps for this edition of the technology radar because of the fast-growing adoption in the DevOps space, with many organizations trying to catch up with the growth of DevOps while keeping security in mind.

The maturity of cloud native software has enabled organizations to design more complex and layered architectures with Kubernetes as a centerpiece; however, a mature ecosystem implies that security is tightly intertwined in the development cycle. By shifting security to the left, organizations can share ownership across teams and define DevSecOps principles, enabling specialists to focus on vulnerabilities in well-known components and creating fast and effective feedback loops.
Katie Gamanji
Ecosystem Advocate at CNCF

In the survey of tools for recommendation by the CNCF end-user community, 8 tools, namely Terraform, HashiCorp Vault, Artifactory, SonarQube, Calico/Tigera, ArgoCD, Open Policy Agent, and Istio, were chosen for the Adopt level. Xray is the only tool recommended for the Trial level, while 7 tools, namely Sonatype Nexus, GitHub Actions, Cilium, Harness, Linkerd, HashiCorp Sentinel, and Trivy, were recommended for the Assess level. The companies that made the recommendations span different industries: 7 companies from the software industry, 4 from e-commerce, 3 from financial services, 2 from insurance, and 1 company each from the education, food and beverage, media, email, and scientific equipment industries.

The 21 companies, including Box, Intuit, Shopify, Spotify, Squarespace, and Zendesk, submitted 117 data points, with a total of 252 votes on the 16 tools they worked with.

After carefully reviewing the data points submitted by the 21 companies, the technology radar team reported their findings in three themes:

  1. The CNCF technology radar team found that the DevSecOps space is changing rapidly and new tools are constantly emerging, but developers are not able to keep pace with the trend because these tools are all geared towards security teams.
  2. The security space is rapidly changing as more tools come to the DevSecOps market, and practitioners find it hard to know which tool is best to use.
  3. Tools like Calico and Cilium offer micro-segmentation capabilities at layers 3-4. These tools are becoming more important because many organizations find it hard to operationalize segmentation within cloud native environments. In contrast, layer 7 segmentation is done with mesh technologies like Istio and Linkerd. Tools like Artifactory, SonarQube, Xray, and GitHub now focus on security, and they offer mutual Transport Layer Security (mTLS) to users’ stacks.
