 Hi, this is your host Apil Bhartya and today we have with us once again Kapil Thangavallu, creator of CloudCastodian and co-founder and CEO of Stackled. Kapil, it's great to have you on the show. Thanks, happy to be back. Yeah, and it's good news. CloudCastodian is moving to CNCF incubation. Before we talk about what does it mean for the community, for the company, for the user base, I would like to remind our viewers what is CloudCastodian all about. So CloudCastodian is a YAML-based rules engine for doing cloud governance. And it will allow you to, and against the given cloud provider, find some interesting set of resources via arbitrary filtering, then take a set of actions on them. And those filters and actions are your policy language, and they go together like Lego bricks to form many different types of policies from cost, governance, security, compliance, operations. And then it also includes within it a built-in serverless provisioning framework, which we use to provision policies as event-based so that they can operate in real time against API calls as they're happening. So remediation as a first-class citizen, simple YAML DSL you can do and that you treat in the same way that you do infrastructure as code, you now can treat your policy as code. Excellent. What kind of adoption are you seeing of governance as code in general? And what kind of industries specifically? So I could speak to the CloudCastodian user base, of which there are thousands of production users across every industry and sector. I would say that governance is a big tent and that is inclusive of many different needs that an organization has to be well managed. And so you see startups doing things with cost optimization or operations or taking off hours for their resources. So I think there's definitely something there for all users of Cloud once they get to a certain size with regards to infrastructure no longer fitting in a single person's head or having multiple teams. And so Cassodian is really designed to let those users pick whatever tools they want but make sure that the organization policies are in effect regardless of those tools and technology choices. So we see from a sector space like we see startups, we see FinTech, we see BigTech, we see traditional health care companies, insurance companies, etc. Coil and gas, like you name it, it's sort of a cross section across whoever's using Cloud. Excellent. Now let's talk about the CNCF side of the story, which is incubation. The project is already being used in the industry and that's something interesting with open source projects like these is that. So what does the incubation really mean not only for of course you folks but also for the users and the community which is helping build the project? Yeah, so the CNCF has multiple levels of from sandbox to incubation to graduated and the CNCF itself as an organization provides additional resources to the projects as they progress along that path both in the form of marketing at their various conferences including direct resources to the project for everything from pen testing to CI infrastructure, etc. And so the process was fairly and a lot of that process is there to help ensure that projects are successful, that they have good governance as they graduate through. In custodians maybe a little bit odd in that it was already fairly mature and with thousands of production users and lots of contributors and maintainers across multiple organizations when we were in sandbox itself or from our very inception in CNCF we came with a robust, mature community. And so that process itself has been working with the technical advisory group for security, tech security to do a security review. So that process was long and but it was also very useful to have those artifacts documented. I recently had to reply to a security inquiry from one of the cloud providers about one of their customers that was concerned about open source and security and supply chain security and so we were able to hand them the artifacts that we'd already produced for the tech security and the CNCF security review. So from a larger perspective I think it really signifies sort of the larger adoption of Clock Studio and as well as the assurances that organizations can have of having a trusted home for their core critical assets that they depend on. So having the CNCF as a foundation, as an umbrella that provides all these resources and provides some assurances to organizations with regards to the long term governance and health of the project and assets is super useful. And so one thing that's been really nice is that we've had so many of our contributors who have already come in from already members of the CNCF. So it was very painless unwrap for some of those contributors. Yeah, and CNCF has been really welcoming and nice ecosystem community that many can kind of envy and a lot of cross-pollination also happens there. A lot of projects feature as you mentioned also a lot of companies projects are there. It's a new incubation. What is the next step? And once again, they have their own processes in place. But is there any effort in there from your end to maintain as a creators to ensure that it moves to the next page, which could be the graduation or whatever the process is there? Yeah, so I mean from a CNCF perspective, unfortunately, we have a fantastic community manager, George Castor, who has worked for many years with the CNCF community. And I think we're ready to and he's been sort of driving on these efforts. And we're looking to go directly into graduating within a year and just following through on the process. So that is getting some additional validation with regards to how many production users there are, some that's with regards to having, you know, documented governance structures in place, having a neutral base of maintainers that have committed access. So all things that we frankly have already we already meet on the requirements perspective, so it's really just a question of shepherding through the processes and and then we'll see where we go from there. Now, on the project side, we have a ton of roadmap. And as far as what we're looking forward to in the future, that relies on that covers off on some additional cloud providers that we're trying to integrate in the most recent one that just went into last release was 10 cent directly contributed by 10 cent themselves. And then we're also adding in support for Richard's work for Kubernetes, both the mission controller, you know, validating mutating in addition to our distinct support. And then we're finally starting to make some real traction on our chef-left capabilities of being able to evaluate infrastructure as code in its source form. And so, you know, we feel like having that single lingua de franco, sorry, lingua de franca of governance tooling that can apply across the wide spectrum of assets is really helpful for for users to be able to have a great experience for those of what their governance and needs are that they want to apply to. Kapil, thank you so much for taking time out today and talk about cloud custody and moving to the incubation phase of CNCF. And I would love to talk to you again soon. Thank you. Thank you. Take care.