Security Slam Returns for 2026 — Now Open to All Open Source Projects

Posted on February 11, 2026 by Eddie Knight, Sonatype The CNCF Technical Advisory Group for Security & Compliance is excited to announce the upcoming 2026 Security Slam at KubeCon + CloudNativeCon Europe, in partnership with Sonatype and OpenSSF. The event will run from Friday, February 20th until Friday, March 20th. Security Slam is a CNCF community activity that has taken many different shapes over the years. Now on its fifth iteration, the Slam is designed to help projects understand and improve their high level security posture. “Security hygiene is something every project should do — and every project can do it with a bit of guidance. It’s everyday stuff, like the equivalent of brushing your teeth. After you learn it once, you can easily do it every day. ” – Christopher “CRob” Robinson, OpenSSF CTO & Chief Architect Previously restricted to CNCF projects due to the nature of the evaluation tools available, the Slam is now taking advantage of the new LFX Insights dashboard to greatly broaden the qualifications for participation: If your project is published to LFX Insights by the closing date, you qualify to receive Slam recognitions. Past events have included various incentives to encourage projects to make recommended improvements, such as Google’s 2022 donations on behalf of projects who reach select milestones or the 2025 LEGO prizes awarded to the top contributors for each of the participating projects. Similarly wide in variation, the event has had several permutations in its length. In the case of the Kubernetes Lightning Round , the slam was a day of onboarding new contributors to Kubernetes with a focus on security hygiene improvements to seven different subprojects. Taking it a step further, the 2025 event featured weeks of preparatory work with maintainers, and 45-minute live sessions with maintainers and anyone who wanted to join from the audience at KubeCon + CloudNativeCon Europe.