Tekton is a powerful and flexible open-source framework for creating CI/CD systems, allowing developers to build, test, and deploy across cloud providers and on-premise systems. Get started with Tekton.
Since 2018, Tekton has matured considerably, while remaining true to its nature of having a small footprint and giving users full flexibility in how they setup their CI/CD system through Tekton.
This very flexibility has enabled Tekton to become the base for the implementation of more opinionated services on top, ranging from open source projects, and cloud services as well as end-user platforms for DevOps services.
The Tekton community benefits from a large and diverse community, with contributors from many different companies. The community features an open governance model, with documented policies about different aspects of the community life:
- code of conduct
- the governing bodies, their elections and responsibilities
- the contributor ladder with rights and responsibilities
- design principles and development standards
- security policies
Tekton cares a lot about security, both for the project as well as for its users:
- Tekton has undergone a security audit
- Tekton has a vulnerability team and a security policy
- Tekton features a project, Tekton Chains, fully dedicated to providing security features for Tekton users, including integration with Sigstore
- The core Tekton projects have all achieved the OpenSSF Best Practices badge.
Tekton uses Tekton for its own build and release process, which also means that Tekton releases are signed through Sigstore, with attestation stored publicly, so that users may verify both the container images' signatures as well as monitor the attestations.
Tekton follows documented release cycles, with a community-wide support policy which aligns with that of Kubernetes and other projects in the ecosystem.
The Tekton project is thriving within the Continuous Delivery Foundation, it has grown to fulfil all [required criteria] tekton-graduation-criteria and it would like to formally apply for graduation.
The following twelve graduation criteria have been derived from the definition of graduated stage as defined by the TOC, and they have been [agreed] as [Tekton specific graduation criteria] tekton-graduation-criteria. They are tracked in the Tekton graduation project on Tekton side as well.
Criteria:
- Have a defined governing body which consists of members from at least 2 different companies
Evidence:
| Full Name | Company | GitHub | Slack | Elected On | Until |
|---|---|---|---|---|---|
| Priya Wadhwa | ChainGuard | priyawadhwa | @Priya Wadhwa | Feb 2022 | Feb 2024 |
| Vincent Deemester | Red Hat | vdemeester | @vdemeester | Feb 2021 | Feb 2023 |
| Jerop Kipruto (while Christie is on leave) | jerop | @Jerop Kipruto | Apr 2022 | Oct 2022 | |
| Andrea Frittoli | IBM | afrittoli | @Andrea Frittoli | Feb 2022 | Feb 2024 |
| Dibyo Mukherjee | dibyom | @Dibyo Mukherjee | Feb 2021 | Feb 2023 |
Criteria:
- Have a documented and publicly accessible description of the project's governance, decision-making, and release processes.
Evidence:
Criteria:
- Have a healthy number of committers from at least two organizations. A committer is defined as someone with the commit bit; i.e., someone who can accept contributions to some or all of the project.
Evidence:
- 24 Companies with 100+ contributions
- 100+ companies who contributed
- Source: devstat
Criteria:
- Explicitly define a project governance and committer process. This is preferably laid out in a GOVERNANCE.md file and references a CONTRIBUTING.md and OWNERS.md file showing the current and emeritus committers.
Evidence:
- Governance.md
- processes.md
- Contributing.md: community, pipeline, triggers, cli, dashboard, operator, chains
- OWNERS files: pipeline, triggers, cli, dashboard, operator, chains, catalog.
Criteria:
- Have a public list of project adopters for at least the primary repo (e.g., ADOPTERS.md or logos on the project website).
Evidence:
Criteria:
- Have achieved and maintained an OpenSSF Best Practices Badge.
Badges:
| Project | Badge |
|---|---|
| Pipeline | |
| Triggers | |
| Chains | |
| Dashboard | |
| CLI | |
| Operator |
Criteria:
- Projects that have publicly documented release cycles and plans for Long Term Support ("LTS").
Evidence:
Criteria:
- Projects that have themselves become platforms for other projects.
Evidence:
- Some major OpenSource projects built on top of Tekton are listed in the adopters.md list
- Project FRSCA is built on top of Tekton
Criteria:
- Projects that are able to attract a healthy number of committers on the basis of its production usefulness (not simply 'developer popularity').
Evidence:
- Some contributing companies that use Tekton as users and/or vendors:
- IBM: Tekton on IBMCloud
- RedHat: RedHat OpenShift
- Relay: How Relay Works
- SolarWind: Project Trebuchet Keynote
Criteria:
- Projects that have several, high-profile or well known end-user implementations.
Evidence:
- SolarWind: Project Trebuchet Keynote
- adopters.md
Criteria:
- Project has undergone a security audit
Evidence:
Criteria:
- Receive a 2/3 supermajority vote from the TOC to move to Graduated stage.
Process:
- Voting on this PR and on the mailing-list thread (link TBD)