Security Slam Returns for 2026 — Now Open to All Open Source Projects
Source: CNCF Blog
Overview
The CNCF Technical Advisory Group for Security & Compliance is excited to announce the upcoming 2026 Security Slam at KubeCon + CloudNativeCon Europe, in partnership with Sonatype and OpenSSF.
The event will run from Friday, February 20 – Friday, March 20, 2026.
Security Slam is a CNCF community activity that has taken many different shapes over the years. Now on its fifth iteration, the Slam is designed to help projects understand and improve their high‑level security posture.
“Security hygiene is something every project should do — and every project can do it with a bit of guidance. It’s everyday stuff, like the equivalent of brushing your teeth. After you learn it once, you can easily do it every day.” – Christopher “CRob” Robinson, OpenSSF CTO & Chief Architect
Previously restricted to CNCF projects, the Slam now leverages the new LFX Insights dashboard to broaden participation: if your project is published to LFX Insights by the closing date, you qualify to receive Slam recognitions.
Past events have offered incentives such as Google’s 2022 donations on behalf of projects that reached select milestones and the 2025 LEGO prizes for top contributors. The format has varied, from a one‑day “Kubernetes Lightning Round” onboarding new contributors to weeks of preparatory work and 45‑minute live sessions at KubeCon + CloudNativeCon Europe.
The 2023 edition, which produced statistically significant results, gave projects iron‑on badges and a framed plaque to showcase milestones achieved during the 30‑day event. Participants reported notable project wins, such as the Argo team’s rapid response when a GitHub action was compromised, made possible because all workflow versions had been pinned during the Slam.
“Work we completed on Argo during the Security Slam paid off big time when the tj‑actions GitHub action got compromised. All our workflow versions were pinned during the previous Slam — but if they hadn’t been, we’d have spent a massive amount of time rotating secrets.” – Michael Crenshaw
Key Similarities
- The project lasts approximately one month, leading up to KubeCon.
- CNCF TAG Security & Compliance will publish a library of support resources to accelerate execution of more complex goals.
- Advisors will be available via a dedicated CNCF Slack channel all month to offer clarifications and answer questions related to security hygiene.
- Participating projects will receive custom plaques to demonstrate their successes.
- Individual contributors will be given badges corresponding to the project’s completed goals.
New Elements
- Projects from outside the CNCF and Linux Foundation are invited to participate.
- Advisors and material will be available on the topic of the Cyber Resilience Act (CRA).
- This event’s Slam Library will be hosted online at securityslam.com.
Key Dates to Remember
| Date | Milestone |
|---|---|
| Friday, February 20 | Event objectives announced; Slam Library opens |
| Friday, March 20 | Final scoring submissions close; scoring begins |
| Thursday, March 26 | Awards issued on the KubeCon Project Pavilion Stage |
Pre‑registration is now open—sign up to receive reminders and instructions related to the event!