The Upside To Donating Projects to the CNCF #
In an era where open-source leadership defines the competitive edge, technology directors at open-source companies often have to decide and explain if they donate your project to the Cloud Native Computing Foundation (CNCF). The CNCF isn’t just another industry body — it’s a crucible where projects evolve from early-stage ideas to mature, community-certified solutions fully.
Some recent examples of this strategic play are — Solo.io’s decision to donate its leading open-source API gateway to CNCF, and Red Hat’s intention to donate multiple tools for creating and managing containers, including Podman, to the Cloud Native Computing Foundation (CNCF).
Milestones as Maturity Benchmarks / Industry Standards #
One of the most compelling advantages of donating a project to CNCF is the stamp of approval with its milestones. The CNCF milestones serve as an industry-trusted benchmark. The CNCF nurtures projects through a clearly defined journey — from the Sandbox phase for early-stage ideas, incubation, and ultimately graduation. A graduate project signals technical maturity and a robust, diverse community of contributors. This translates to higher credibility for consumers of those technologies, often large enterprises. Customers and partners alike take note when a project has “made it” through the CNCF pipeline.
It is important to note that several projects have remained in the CNCF Sandbox or Incubating stage without graduating. For example, Spotify’s Backstage and KubeVela are notable projects that, despite growing adoption and active communities, haven’t yet met all the CNCF graduation criteria. It’s important to note that remaining in Sandbox or Incubation doesn’t imply failure — it often reflects a project’s ongoing evolution and the rigorous benchmarks set by CNCF.
Driving Community Innovation and Market Positioning #
Beyond credibility, joining CNCF can significantly accelerate innovation. People are more reluctant to volunteer when it’s evident that a corporation is profiting substantially while volunteers receive no share of the benefits. Donating to CNCF opens the door to a broader pool of contributors and ecosystem partners who bring fresh perspectives and technical expertise. By associating with CNCF, your project gains synergies with other leading initiatives, enhancing credibility and accelerating innovation through shared expertise. This validation can be incredibly persuasive to enterprises and partners evaluating your project. A critical advantage in today’s fast-paced market is having a project that evolves quickly and adapts to new challenges. Moreover, aligning with CNCF’s neutral, globally recognized brand can enhance your company’s strategic positioning, signaling that you’re committed to the open-source ethos and long-term industry growth.
A Measured Security Assessment Process #
One standout service is the CNCF TAG-Security Security Assessment Process (TSSA). This process reduces ecosystem risk by improving vulnerability detection and resolution and enhancing domain expertise through collaborative assessments. Another goal is accelerating adoption by providing consistent, structured security documentation, establishing a measurable security baseline, and clearly outlining design goals, potential risks, and next steps.
The TSSA offers a view of a project’s security design and fosters a culture of security awareness. It delivers an external security validation that can boost your project’s credibility.
The Donation Process and Its Considerations #
It’s important to remember that donating a project to CNCF is not a casual decision. The process requires an application, thoughtful decision-making, and not guaranteed acceptance. For many projects, however, milestone-based validation and the structured TSSA are compelling advantages that help reinforce an already successful governance model. For a more detailed list of action items for any project onboarding as a sandbox project — please visit this link.
This article was originally published on Medium as part of the BoFOSS publication.