
Security Slam 2026 is a 30-day event that begins February 20 and culminates in an awards ceremony at KubeCon + CloudNativeCon Europe (KCCN EU).
By Eddie Knight and Stacey Potter
What Is the Security Slam?
The Open Source Security Foundation (OpenSSF) is partnering with the Cloud Native Computing Foundation (CNCF) Technical Advisory Group for Security and Compliance (TAG-SC) and Sonatype to support the 2026 Security Slam at KubeCon + CloudNativeCon Europe.
The 30-day challenge runs from February 20 through March 20 and highlights OpenSSF projects as practical tools that help improve project security posture. Participants will use OpenSSF projects, among others, to achieve security hygiene milestones tailored to their project’s maturity level.
OpenSSF project leads, staff, and maintainers have assisted in the creation of the “Slam Library,” a set of web resources to guide participants through each challenge, and will continue to be available throughout the month via dedicated Slack channels.
How to Participate
Register now to receive reminders and instructions before the event kicks off on February 20. Join us at the awards ceremony on the KubeCon Project Pavilion Stage on March 26 to celebrate participant achievements.
The event will run from Friday, February 20 until Friday, March 20.
A Growing Community Effort
The Security Slam is a CNCF community activity that has taken many different shapes over the years. Now in its fifth iteration, the Slam is designed to help projects understand and improve their high-level security posture.
“Security hygiene is something every project should do — and every project can do it with a bit of guidance. It’s everyday stuff, like the equivalent of brushing your teeth. After you learn it once, you can easily do it every day.”
Christopher “CRob” Robinson, OpenSSF CTO & Chief Architect
Expanded Eligibility Through LFX Insights
Previously limited to CNCF projects due to the nature of the evaluation tools available, the Slam is now taking advantage of the new LFX Insights dashboard to greatly broaden the qualifications for participation. If your project is published to LFX Insights by the closing date, you qualify to receive Slam recognitions.
Past events have included various incentives to encourage projects to make recommended improvements, such as Google’s 2022 donations on behalf of projects who reach select milestones or the 2025 LEGO prizes awarded to the top contributors for each of the participating projects.
Similarly wide in variation, the event has had several permutations in its length. In the case of the Kubernetes Lightning Round, the slam was a day of onboarding new contributors to Kubernetes with a focus on security hygiene improvements to seven different subprojects. Taking it a step further, the 2025 event featured weeks of preparatory work with maintainers, and 45-minute live sessions with maintainers and anyone who wanted to join from the audience at KubeCon + CloudNativeCon Europe.
This year returns to the 30-day format that produced strong results in 2023. In 2023, projects were given their own iron-on badges and a framed plaque to highlight the milestones that they completed during the 30-day event. Not only were the plaques seen at project tables long after the event ended, but we received reports of significant project wins due to the efforts achieved during that event.
“Work we completed on Argo during the Security Slam paid off big time when the tj-actions GitHub action got compromised. All our workflow versions were pinned during the previous Slam — but if they hadn’t been, we’d have spent a massive amount of time rotating secrets.”
Michael Crenshaw, Argo CD Lead Maintainer
What to Expect in 2026
Here are some key similarities you will see:
- The project will last approximately one month, leading up to KubeCon
- CNCF TAG Security & Compliance will publish a library of support resources to accelerate execution of the more complex goals
- Advisors will be available via a dedicated CNCF Slack channel all month, to offer clarifications and answer questions related to security hygiene
- Participating projects will be given custom plaques to demonstrate their successes
- Individual contributors will be given badges corresponding to the project’s completed goals
And there are new elements as well:
- The Slam Library will be hosted on the Security Slam 2026 website throughout the event
- Projects from outside of the CNCF and Linux Foundation are invited to participate
- Advisors and material will be available on the topic of the Cyber Resilience Act (CRA)
Key Dates to Remember:
- Friday, February 20: Event objectives are announced; Slam Library Opens
- Friday, March 20: Final scoring submissions close; Scoring begins
- Thursday, March 26: Awards are issued on the KubeCon Project Pavilion Stage
Registration is now open: Sign up to receive reminders and instructions related to the event!
About the Authors
Eddie Knight is a Software and Cloud Engineer with a background in banking technology. When he isn’t playing with his 3-year-old son, he combines his passion and job duties by working to improve the security of the open source software ecosystem. Eddie helps lead CNCF’s Security Technical Advisory Group, the FINOS Technical Oversight Committee, and the OpenSSF Security Baseline.

Stacey Potter is the Community Manager at OpenSSF, and brings extensive experience in open source community building, marketing, and event coordination. With a background spanning projects like Minder, Flux and Flagger, OpenFeature, and Keptn, she has played a key role in fostering engagement and driving adoption across cloud-native and open source security ecosystems.