 All right, we are live, howdy, howdy, and welcome everyone. Welcome to Cloud Native Live, where we dive into the code behind Cloud Native. I'm Taylor D'Olazal, head of ecosystem at the CNCF, where I work closely with teams as they navigate their Cloud Native journeys. Now, every week we bring a new set of presenters to showcase how to work with Cloud Native technologies. They will build things, they will break things, and they will answer your questions. In today's session, Elizabeth, Ed, and Rajesh have joined us to talk about in the Cloud with Cloud Matos. This is an official live stream of the CNCF, and as such is subject to the CNCF Code of Conduct. So please don't add anything to the chat or questions that would be in violation of that Code of Conduct. Basically, please be respectful to all of your fellow participants and presenters. Be excellent to one another. And with that, I'd like to hand it over to the team to kick off today's presentation team. Please take it away. Thank you, Taylor. Hi, everyone, thank you for being here with us while we talk a little bit about our project that we have going on. Prior to introductions and everything, I'm just gonna go ahead and share my screen just a little easier to have the visual aid with us. Screen visible, everything good, Taylor? Yeah, looking good. Awesome, okay. Thanks, everyone, for being here as we introduce to you Matos. So the three of us, we work with Cloud Matos, hence the title in the Cloud with Cloud Matos. I am Elizabeth Mesa. I am the project manager with Cloud Matos. I have been a company for over a year, and overall, I've been in the tech space for over five years. And in case you were wondering, Cloud Matos spawned Matos, our open source project that we have going to them. That's it for me, and just a little fun tip it. I have a little puppy that I adore, Barney, but he's in the room, he has a donor. But thank you, I look forward to the rest of this talk. Rajesh, if you wanted to introduce yourselves. Yeah, Rajesh, if you want to go? Yeah, I'm Rajesh. I'm the lead engineer, a member of Cloud Matos. I've been with Cloud Matos for around six months now. I've been an active contributor for Matos. I'm excited as well as glad to be part of this Cloud Native Foundation live session. Welcome all for Matos. Over to you, Ed. Thank you. So my name is Edward, and I've been with the company for a couple of years. We've worked in Cloud Native Space for pretty much the entirety of it. And we're excited to be here and introduce to you Matos, which is a great platform that we are very sure will change a lot of the landscape in terms of CNCF world. So excited to introduce this to you. Nice to meet you all. Thanks, so that is, those are the three of us. And this is Matos. So just to kind of get you any idea of what the rest of this call would look like, I will be going to give an overview as to what Matos is, who are intended audiences, what the architecture is, some use cases, as well as when we can go over them. For the overview for Matos, Matos is an open source cloud tool for analyzing multi-cloud infrastructure security. And I know that alone sounds pretty big, perhaps not really giving you much detail, but again, it's just the overview I promise that will make sense as we go on. Matos interacts with your cloud computing services to collect configuration, made a data of your infrastructure. Cloud infrastructure misfiguration, which I think is rather important, as well as stress, it will perform more security best practices assessments and it'll check compliance and security and security for you as well. It does quite a bit actually. It also supports AWS, Azure and GCP services. So whatever you may be on, will be there with you as well. It also provides a standalone and full script to easily mitigate your problem. So it does quite a bit again. It'll definitely make sense. The more Rajesh and Ed will expand on it, this is just for our audience. Knowing that there are issues with remediation and getting things going into configuration, we wanted to keep in mind an audience, a wide audience. Honestly, as anyone who builds, touches, maintains, manages the cloud infrastructure, Matos is for you. So it's for a lot of people. We wanted to help out as many people as possible. Yeah, just to interject there just a little bit. Matos is actually specifically designed to help people who are working in cloud space. That's why we're here at CNCF, right? Presenting this and where that space sits is a lot in your compliance and security posture. So this is a tool that's going to help across the board whether you're working in the security space from a DevSecOps perspective, from an SRE perspective or as an architect or developer of cloud space. So it's very versatile in what, in where it can sit in your infrastructure as well as versatility and what it can do for you in cloud and compliance space. So back to you. Thanks. Actually Adam and I handed it right back off to you. So definitely we'll go into architecture, which Ed is a pro at. So Ed, if you wouldn't mind actually continuing and discussing it a bit more. Yeah, sure. So Matos itself is written as a Python tool wrapped around some libraries and other nifty things like that, right? And what that means is that we can actually package it with all its dependencies together and send it around wherever we need to. So the architecture of Matos makes it really portable. You can run it in containers, which of course CNCF we love here. You can run it in serverless workloads. You can run it in VMs if you like. Pretty much anything that can run Python can probably run Matos. And so what makes that useful is that you can really use it in any context that you prefer, right? So what Matos' purpose is to help you detect all these misconfigurations, anomalies, security risks, compliance violations, and all of these pieces, right? And to do that, you may have to look at it from different perspectives. You may run it at different points of your life cycle for your cloud architecture. And so Matos can sit anywhere from a pod in your Kubernetes environment to a cron job, to a serverless run, and many other places. It's also really modular because it's Python, right? And we use it as a data in, data out kind of setup. And so the way we've designed Matos, it allows you to actually integrate it into your own scripts. You can use it as part of a reporting model for an in-house tool or add it in as part of another platform that you're using to maintain some other portion of your cloud environment. So Matos really gives you that open ability to ingest it as you need it. And as I mentioned, it is Python-based, so you can fork and modify as needed, very straightforward code. It's really purpose-driven, so it's very specific in what it does. No extra fluff here and there. You won't see a lot of human readable jargon roll by, but you will see a lot of the useful remediations in scripts that allow you to use it in a pragmatic and capable way. So lastly, it is atomic. So if there's a version you like and you don't like some of the changes that are going forward, you can pin your versions. Simple enough. Next slide. I didn't want to point out that I do want to mention being the least tech savvy of the three I do find Matos to be pretty user-friendly and useful. I just wanted to mention that as well. Yeah. So how does it fit into the big picture, right? I did mention exactly where it could slip in into your environments. You can also do places within your CI CD, for example. So maybe when you deploy to production, you have Matos do a run where it scans your environment and gives you a report back, lets you know if you're still in compliance, if there's any policy violations, miscaric configurations, trips. You can also have it sit where you're designing the actual environment. So now your engineers are building out a cloud-native infrastructure, right? So you're building, let's say, some GCP architecture, deploying out some resources and you need to be sure that before you even use this in any forward production or development, it's compliant. So you're the design phase and you can actually just use Matos to run it against this environment and see for yourself, okay, this thing that I'm building, is it compliant? Is it following SOC-3? Is it following HIPAA compliance? Whatever policies or compliance frameworks you wanna test, we can use Matos as a policy agent to keep our compliance or infrastructure within thresholds that we want, right? So as I mentioned, you can use it as compliance testing scripts, which means that you can fit it in any point in your phases where you're testing and auditing your own workloads for compliance. And wherever that may fit within your IT infrastructure, Matos can likely slip right in and help you along that journey. So, and then the final one is getting ready for audit, right? So now you've already got your deployed infrastructure and you're ready to go to audit and say, hey, this is ready to be signed up, give me my SOC-3, give me my HIPAA, high trust, whatever it may be, to do that, you wanna be sure that you're ready for that audit. It's not cheap, we all know this. And as we walk in, we wanna be sure that we've done everything we can to feasibly ensure that we've tested our environment and we're ready to go. So, Matos being an open source tool allows you to take that and use it as policy engine to test your environment for audit before you go into the audit. And this allows you to be certain that you've tested against the policies and the violations and all the possible checkboxes that follow your infrastructure from one big bucket that will audit your environment rather than having to go down each checkbox and make sure that you've manually checked things off. I mean, of course you may still wanna do that, but Matos is definitely a very nice handheld feature to help you guide along that journey. So this is the overall architecture of Matos within the open source community. You can use it as a tool for reporting and you can use it as a tool for compliance. You can use it as a tool for designing that infrastructure so it gets to sit anywhere within that workflow within your architecture. Good, so I'll back to you. Thank you for going over the architecture. I really appreciate that. We will be going over some use cases with Rajash next and then we'll take a little break from the slideshow to show you how easy Matos can be. Over with the use cases. Excellent, and so before I jump into the use cases I would like to also explain the capability of Matos. So two things if anybody have to remember about Matos. One is it is very simple. At the same time, it is very powerful. Powerful in the sense it has the key thing it deals with data. With the data, we can make powerful decisions. So one of the thing what Matos does is it tries to discover all the infrastructure resource in the cloud. So when we started the Matos project we were supporting very selected resources like virtual machines, storage, database and containers. But now we have grown to a state that we are able to support almost all the critical services that is available in AWS. Be it Redshift, be it EC2, be it AMR, any resource. So we cover a whole gamut of resource. So what primarily Matos does is it uses the native SDKs of the cloud service provider. So in our case, we deal with multi-cloud. That means we talk to AWS, we talk to GCP, Google Cloud. We also talk to Azure. And in future we'll also be extending this capability to all the other cloud service providers. So at the same time within each of this cloud service providers we are also trying to cover as many resource which we can collect the data, metadata information. So the Matos, what it does it brilliantly, it collects data and it organizes the data in a way. So it is easy and effective for analysis. We'll talk about what this analysis are meant for and how it will be useful. That's when this use cases will make more sense when you walk through this. So the data what we talk about here is it's not about metrics, it's not about logs. We talk about the data what Matos is interested in is infrastructure data. And we don't collect any data from workloads. What it means that it is purely, it uses a native SDKs and talk to the cloud. There's no agent. So we are completely agentless. And it is also platform independent. We can run Matos in any platform. If you want to run Matos in Macintosh, in your Linux or in your Windows, it is portable. And as Ed mentioned, architecture is very flexible. You can run in containers. You can run in pods anywhere you want. Even you can integrate it in your CACD pipelines. So what do we do basically after collecting all this data? So these data is what we collect essentially will help us to ensure cloud security and the best practice assessment as well as a compliance check. So we cover a wide range of compliance check. It could be like BCI, DSS standards, SOC2, KIPA, GDPR, and we are also planning to cover in future for FedRAMP and other legal controls. So I will briefly share, launch my application and show how simple it is to utilize. Yeah, let me, I'll stop sharing my screen and you can take a look. Yeah, that'll be great. So I'm sharing the screen. Let me know once it's visible. All right, and that is up. Okay, so I'm, I have done some pre-work. I have taken the, as everybody knows, we have published our open source, just a moment please. So we have published our open source project and we have all the resources available here. So the same I have cloned in my personal and official laptop here. I'm not going to walk through all the steps. Essentially the steps are very easy to follow and it's all documented. So feel free to explore the METOS and we are happy to have your comments. So what I'm going to do now is briefly launch the editor and show things for the essential. So this is the METOS. The METOS primarily is built based on Flask. So the Flask application is exposed as the REST APIs and we have very limited APIs and very powerful. So let me run Flask application and show how the APIs looks like. We'll run the Flask application. Now we have the Flask application up and running. So once the application is launched, it is accessible as you can access the API Flask application. So as you see on the screen, we have ABA, REST API, which is for the resource. So in this example, I'm going to select AWS. What essentially it is going to do is, it's going to talk to the account which I have configured. It's going to talk to my cloud and it'll fetch all the resource information. Like it'll get the API gateway, containers, database, clusters, all the information about the infrastructure will be collected. So I recommend the community to go and explore it. So I'm not going to run and actually show it. So the moment you run it, the Flask application fetches all the information from cloud. So in order to run the application, it needs basically few information like credentials. So we have given a sample what kind of credentials are necessary. So in case of AWS, we need access keys secretly and the region. So once you provide this information, we will be able to talk to your cloud and fetch all the information. Similarly for Azure and Google Cloud. In case of Azure, you need the tenant subscription details. In case of Google, we need the service accounts to fetch all the resource information. So it's a very handy tool. So let me go and show the response which I have it handy so that it gives a clear picture of what it does. So here we have the information fetched from cloud. So the Matos has fetched information about all the infrastructure that is there in your cloud environment. And this data is utilized for performing all the misconfiguration checks, changes in the configuration, compliance, non-compliance, whether it follows the best practices. So essentially it collects all the data, not access, it organizes in such a way that it is efficiently, it can run the checks. So coming back to the presentation, so we will now talk about the use cases. So what can I use Matos for? So I think we had a brief overview about the capabilities of Matos. Now, how do we use Matos and how is it useful for the community? So basically in cloud security, the misconfiguration leads to a lot of security issues. Matos is going to help the community in finding the misconfiguration. As I mentioned, the data which we got it from cloud will be efficiently used for identifying this misconfiguration. I will also show some cases, how can we do that? And we can extend as we also made it open source, the platform is extensible. What it means is the community can add more controls to improve the capability and add more security checks. So we do have this misconfiguration detection and also we also follow CAA's best practices. These controls are already being available, it's available, it's out of the box available. And we also have added recently a lot of security checks and compliance checks, covering PCADSS, HIPAA and other standards as well. It also helps to identify the drift. The drift is one of the interesting topics. So once the cloud infrastructure is deployed, post deployment, if there is any change, if you are able to baseline the data which we have collected, it can essentially also be used to identify the drift. So the use cases are not limited to the one that is listed here. It can be used for a number of cases. For example, it can also run as a schedule job, wherein it can generate events to other cloud security tools. So it has unlimited potential and possibilities. Hey, Rajesh, could you put that in slideshow mode? It's a little harder to see from that view. Yeah, definitely. Thank you. Is it better? Yeah. Thanks. So moving on to remodations. So when we initially started off the project, we were more focused on analyzing the data and later we realized the community needed a solution. So we started thinking about out-of-the-box solution which can be utilized. What it means is we have provided a readymade fixes, Citrelablet engineer or IT operators or DevOps engineer, DevSecOps, anybody can utilize the remediation, what we have developed. So we have chosen a path of using Ansible. So we have crafted few Ansible script and we have also published for the open source community and those examples are listed out here. So before I talk about the use case, I will also just showcase how the crafted scripts will look like. Let me switch the context back to the Metosphere. So in Metosphere, we have published the source code as well as the remediation. The platform we have built it for multi-cloud as I mentioned earlier. So right now I'm going to talk about AWS remediation, some of the cases. We are also building new cases for Azure as well as GCP. We also welcome the contribution from the open source community. So anybody can contribute, provide remediation. We are not limited to Ansible. We also accept any form of remediation script. So with that, I will switch on to one of the remediation which is very commonly. So this is a use case related to relational database. So as you see here, we have given the documentation, how to do it. And essentially we provide a playbook. The playbook is very simple and easy to use. All it needs is the access to your cloud. And if you have identified the resource which is non-compliant, this is a parameter which need to be passed to our script along with the access and where this resource lies, the region. So it's very simple to use. And once you apply this remediation, it makes a non-confirmed resource into... If there are any non-compliance, it resolves the complaints with that. Can come back to the slides. This is a very typical use case. So generally a relational database, when we design it, it is intended to be used within a cloud, which means within a private network. So the database is kind of a backend and it talks to any compute application or the front-end or anything. So it's not intended to be public. So there are cases where the changes from the developers accidentally expose the RDS. So it becomes a severe case wherein the anonymous users get access to the data. So once the user get access to the data, so you can imagine, you can experience data theft, data loss, data misuse, any kind of things. So ideally this checks, what it does is it ensures that the RDS relational database instant is not public. So how do I make it public? Feel free to use our ready-made Ansible script. Given RDS ID, it will go on fix a non-confirmed resource into and fix a problem for you. I'll talk a little bit about similar use case for S3 bucket. So the S3 bucket is very prominently used in the cloud community. And what happens is in the last couple of years, most of the S3 buckets were available public and it was all sensitive data was leaked. So it's not necessarily that the bucket need to be right protected, even if it is the read access is given, you may lose your sensitive data. So for example, if you're having health information about patient or patient health information or any credit card information stored as a blog in S3 bucket and if it is accidentally exposed to the public and anybody can misuse the data. So what this check does is it ensures the S3 bucket is not public and it blocks through all the controls through access control list, access points, bucket policies, and other controls. I'm sorry, did I interrupt you, Raja? Yep. You're gonna go show, okay. Okay, I was gonna just keep going off this slide but I'll share for my end, no worries. Another thing that I did want to mention is that obviously we would like to restrict all traffic on the default security. By not doing so, not restricting access on all our ports that can lead to attacks against the availability, integrity, and confidentiality of your system. So we want to avoid that. Mato's fixes that, Mato's helps you with that and ensures that your traffic on the default security group is restricted and it controls the remote access to all of your resources. So that's another feature that Mato's has as well. Raja, you wanna take on this one? Yeah. Thank you. Going back to multi-factor authentication. So if any user has any administrator who has username and password, in order to have a higher order of protection, it is always recommended as best practice to have multi-factor authentication enabled. So it's add one more layer of protection. So essentially they can give authorization through the mobile or scanning a barcode, any particular form, so form it is possible. So it's natively supported in AWS and other platform as well. So essentially what this check does is if the multi-factor authentication is not enabled for the user who has higher order of permission, we ensure that access is restricted until the MFP is turned on. Thereby we make sure that we give additional layer of protection for the users. So this is a check essentially to make sure that, so what is easy to do is not actually secure or a best practice to do. So what generally a developer or a community does is they store the credentials directly on the EC2 instance, which is actually not recommended. So instead, we could actually attach an IAM role to an EC2 instance and allow the applications. So there are a lot of operational difficulties also can be resolved by doing this. For example, if you have to rotate credentials for every 30 days, you don't have to manually go and change the credentials in the instance. So if AWS IAM role is used, so all the operational difficulties can also be simplified. So essentially this control what it does is it will attach, it will check the instance, which doesn't have the IAM role and ensures that the role is attached. So the role can be provided as an input and this can be utilized by the control and apply this to the EC2 instance. Thank you Rajesh. Thank you Ed. This actually I believe concludes our little presentation for you. So if there are any questions, anything we could perhaps clarify for you, please let us know. Awesome. And so if anyone does have any questions, please feel free to add that to the chat wherever you are watching and we can get those questions answered for you as best we can. There were a few that I had, I'd love to kind of kick things off while we're waiting for some people to submit their questions. And one of those questions is what makes Modos different from similar services? Is there anything that you do that's unique or something that's helpful in ways that folks might find useful? Yeah, actually I guess it's a really great question. One of the key things that I think makes Modos very useful is the ability that it's actually able to offer remediations, right? So you can actually take one of these tools and not only detect these things, there's tons of observability tools out there, tons of things that do detection, standardized tools that do alerting like Prometheus, those are all great and wonderful, but this one helps you actually remediate those compliances, right? So it's focused around that compliance stuff, the big ticket, and it's really focused around being able to actually solve the problem rather than simply know that there is a problem, right? And so I think that's what makes Modos stand out. You don't have to be a cloud expert that also is a compliance or security expert to use this tool. You can, with very little effort, kind of just hit the ground running, right? That can be an app dev who is like, hey, they just told me I gotta take care of the cloud and it's gotta be compliant. Add this with a little bit of AWS and you can get your ball rolling, no problem, right? So it really reduces that level of effort it takes to get into that world. And I think that's a very set apart feature for Modos. That's great to hear. I feel like there's so many teams that are having to adjust security moves so fast and it's hard to be on top of all those things, especially with day zero exploits and all of these other things that are coming out, right? Or like you said, if you're new to, whether it be Amazon, Azure, Google, whatever cloud that you're using, you might not have that expertise right away. So it's nice to know that you have that capability. Yeah, exactly. It's not surprising we all work in this tech space. So how often do we hear that? Oh, yeah, you know, I'm a software developer but I wear a few other hats sometimes, right? So we're just trying to make those hats fit a little more comfortably. I wear many hats as well but this one's my favorite, I'd have to say. I did see a question come in as well. Didn't want to cut you off. Was there a response there? No, please go ahead. Awesome, I saw this question. Security groups in AWS are pretty strong. How is this becoming a use case? So security groups in AWS are absolutely great but they require a form of control where you're still having to manually set these parameters and policies. A lot of what you could do in MateOS makes it agnostic to both the cloud as well as the security control itself. So for example, if you were to implement SOC3 compliance in your AWS environment, that would be a set of policies within MateOS and then you would choose, you know, this is the cloud that I want to apply that on and it would take a certain set of rules that apply for SOC3 and test them all against your environment, right? So that would include things like security groups, it would include things like firewalling, it would include things like encryption at rest, you know? Even IAM or service account permissions and things like that, it includes all those resources and its checks. And so rather than just be assured that your workloads are protected from a security group standpoint, you're actually looking at the entire cloud holistically and able to look at your security and compliance from that perspective. So this is more of a bigger picture kind of tool in that way. Security groups are great, they're very focused and we use them as part of our compliances, but they are a smaller set of the largest set of remediations and compliances that MateOS can help you manage. So generally what happens is, so the security groups actually inherently gives a lot of protection, but the problem happens when we tend to relay on the default security groups that are provided by the service providers. So we don't realize that there is a lot of open, means in order for convenience, it connects directly to internet and when you put a production system to a default security group, you come to a lot of problems, you encounter a lot of problems. And there are cases where accidentally people give ingress controls and checking on this ingress, like for example, SSH ports, RDP ports, means these are the ports that most often provides vulnerable access to your system. So protecting that through your security group is very essential. Yeah, and it's pretty difficult, at least in my opinion, that maybe there are some experts out there, but if I were to assess my security within any of these clouds, doing it manually is quite the challenge. And I mean, there's so many different ways to check things that one or two things may get missed. This tool allows you to kind of take that whole bucket and scan everything. Computers don't make mistakes, it'll find it, don't you worry. So this really helps make sure that that human error element is reduced as well. So as Rajesh was saying, a lot of the default things that you may not know that you need to change or maybe you forgot to change it for one project and it made it production, all of these things kind of get smoothed out with a tool like this. It sounds like Mato's kind of gives you that. I like what you said about, you can turn on all these default things, but it really helps to tune those and make sure that you know what you're covering. And also working in the cloud, there are so many unforeseen kinds of outcomes. Like I know in the earlier days of Kubernetes, the security groups that would get managed by certain ingresses would add and remove security groups and even IEM roles within AWS, some were like really privileged, some were not and you saw all of this activity going on, which kind of threw a lot of security postures for a loop just because like, oh my goodness, I can't believe this is what's happening behind the scenes. And then we've worked to secure that over time within the community, Kubernetes, et cetera, as one specific use case. But as security changes, is that something that Mato's is able to help you out with, adjust your security posture, set what your policies will be, et cetera. So I mean, yeah, you kind of take it, digest it however you need it, right? But as far as Mato's itself, it's constantly being developed in terms of the ability to do what it does. Any functionality that we find that might help have more coverage in terms of compliance and security within your cloud, that those features are being added as fast as possible. We are also making sure to add more compliance and audit options available. So you'll be able to have more coverage in terms of what compliance is, you can use in this tool and so on. The templating system, it's always being updated and you're able to actually write these policies yourself. So you can take it from a standpoint of I have SOC3 compliance that I need and go to I have SOC3 plus some details, right? And it becomes something that you can really personalize to your infrastructure. And it really is kind of agnostic to where you run and how you run it, right? So yeah, I would say that we're constantly developing capabilities and coverage for what this tool is able to do, specifically because we want it to be able to help in that compliance and security space, right? And it becomes useless if we don't. So absolutely is one of the things that we focus heavily on in its development. That's awesome, that's awesome. I feel like those are the best tools for the ones that can kind of grow with you, help you learn, you can teach the tool and train it with what you set up and tune and then vice versa. I know that some of those learnings can be kind of mind blowing as well in some cases. Like I didn't know that could happen. So always, never boring, never boring. I did see another question that came in that this question was what is your, what is the stance with EU regulations? So my guess is potentially a GDPR and some other things on that front. Yeah, sure. So I guess I'll rather take a slightly broader answer for that and anyone else is welcome to jump in that you're interested. So we're building this tool to specifically look at infrastructure resources. So when it comes to things like GDPR and those types of compliance is the aspects of it that are specific to infrastructure. So not your application data, for example. Those are the parts that this tool would help you assess and radiate. And when it comes to doing things like that, the workflow would essentially be you set up matters, you set up the credentials that you need, you set up the cloud that you're pointing to in project and then you just check off the boxes that allow you to target a policy that would give you that GDPR compliance in your EU project, right? And so once you've set this up, anytime you run the tool with this policy checked off for the project you've checked with and credentials, it'll give you feedback on what either you have complete compliance or you have violations of that and it offers you options for mediating those violations as well. So stance-wise we cover pretty much all the major compliances and we're constantly kind of covering more as we can. And so if you were to wanna use it for GDPR and it was specific to your use case, even if you weren't able to find the specific controls for GDPR, the platform is designed to be extensible so that you can build it exactly as you need it for your personal needs, right? So you'd be able to build a template to take a look at your environment specific to your resources and over time, we're building in more and more of these types of remediations and eventually they may cover all of GDPR in EU with one checkbox. But that's a ways away, I will say. Awesome, awesome. If you have any other questions, please feel free to throw those in the chat and I can get those asked. I had one other question and that was, are there any plans for growing your platform or opportunities to contribute? Can you tell us a little bit about that? I think the short answer is yes, but I'll let the engineer. Yeah, yeah, yeah, yeah, yeah. She's right, the short answer is yes. And I'll just touch on it a little bit real quick. So ways you can contribute, this is actually a really great one. So we made Modus open because we wanted the community to be engaged. We built this with the idea that, we took best practices and the best approaches from our experiences throughout the cloud environments, throughout our experience in the cloud space and the industry and built a tool that would help people like ourselves and other customers we've worked with. And so now we wanted to share it and have the feedback and the help of you guys to drive that forward, right? And that's kind of the spirit of CNCF. We all help each other build these tools that make our work in lives easier. So as far as contributing, we try to have the best approach to make all of this portable and pragmatic where we always will need contributions and involvement is along those remediations. So as we mentioned, we offer remediations for violations that we find. And we're always building these policies and sets of scripts that help you maintain those compliances for like SOC3 have been so on. We would love for the community to get involved and help add to those repositories of scripts because the more we have in there, the more valuable it is to each and every one of you. And so that's definitely a great way that you guys can all contribute and one of those places that we would love to interact with you, right? So just want to throw that. And we are also constantly expanding our scope. So we're being expanding this scope for AWS and we are also poised to for expanding the scope for GCP and Azure. And we don't want to limit to all these three clouds and in future, we also want to support like Alibaba Cloud, IBM or Digital Ocean, whatever it is. So we wanted to expand the cloud security to all different platforms. So we have a roadmap for the Mato's and we welcome, as it was mentioning, right now the focus is more towards providing solutions for security of DevSecOps. So the remediations from the community will be of great help. And also, this goes without saying, feedback, lots of feedback. We want to hear all of your issues. Feel free to jump on GitHub and pop an issue open, give us as much detail as you can, feature requests, the more traction, we're happy to work on this platform with you guys and we need to hear what you want for us to build it in a way that you want it, right? So please feel free to just jump on there, find bugs and request features and we're happy to hear from you. We will get back to you. We will talk and interact and respond. So we look forward to it. Awesome, awesome. I love those two steps of working within an open source community. His step one show up, step two stick around and we can make awesome things together. So thank you very much. This is exciting. I went ahead and shared that link to your GitHub repository. So definitely hope some folks are able to start that and take a look and join in the fun. Keep, help us with staying secure. I don't see, I don't see any more questions that have come in. I would love to invite folks to throw in any last minute questions and we can get to those. Otherwise, do you all have any closing statements, thoughts or things for us to think on as we draw to close here? I would say, we're pretty excited to have you guys take a look at this and really appreciate the time that you've given us to share. And I hope that you guys find it useful and look forward to your feedback. Just to echo that, I think we're really happy and grateful to have been able to share what we do with you guys and the sense that we have to kind of include us to be able to do this live stream so we can. Awesome. So any feedback, as we mentioned earlier, any feedback, any suggestions? Then we can work together with the community to build a better tool. We're happy to receive such a request and we'll be happy to implement and provide it as a open source for the community. The more the merrier, really. Yeah, committed folks making commits. I really enjoy it. Awesome. Awesome. Thank you all very much. Thank you everyone for joining us for this episode of Cloud Native Live. It was great to learn from the Cloud Meet Us team. We really enjoyed the interaction and questions from everyone. And yeah, thank you so much for joining us. We hope to see you again soon and stay secure out there. Check out some awesome Cloud Native tools. See you soon. Thank you.