UPDATED 15:31 EDT / JANUARY 28 2022

3 insights you might have missed from the AWS Startup Showcase: Open Cloud Innovations

The process for reading the next wave of technology is not unlike that of a surfer waiting for the next swell in a vast ocean. From trying to determine whether the wave will break left or right, to getting a read on the wave’s expected peak and quality, it’s a tricky process at best.

The same can be said when evaluating an active startup ecosystem and its potential impact on the cloud world. To better understand future trends, theCUBE, SiliconANGLE’s livestreaming studio, welcomed eight companies within the Amazon Web Services Inc. startup ecosystem to discuss the latest cloud-native technologies and new tools for open-source security during the AWS Startup Showcase: Open Cloud Innovations event.

Here are three insights you might have missed from theCUBE’s interviews during the AWS Startup Showcase. (* Disclosure below.)

1. The ACT Project offers a timely contribution to the software security discussion

The Startup Showcase included a panel of AWS Heroes, a community of experts with extensive cloud knowledge and experience. One of the experts interviewed was Casey Lee, chief technology officer of Gaggle.Net Inc., who is guiding an intriguing Linux Foundation project called Automated Compliance Tooling, or ACT.

ACT supports the development of open-source tooling for a software bill of materials to provide license compliance and greater transparency in the provenance of workflows. Google LLC, VMware Inc. and Siemens AG are key participants in the project.

The activity surrounding ACT is timely, because calls for a software bill of materials and ways to track provenance have risen significantly over the past year, accompanied by heightened concern around security in the software supply chain. Lee created the ACT tool when GitHub Actions, a platform for automating and testing the development pipeline, first came out and he wanted to let developers test the capability locally.

The project has gained significant interest among active programmers in recent weeks, with a sharp rise in participation among GitHub’s most influential developers or “stars,” according to Lee.

“The biggest challenge I’ve had with this project is just keeping up with the community,” Lee said, during his Showcase interview. “We just passed 20,000 stars, and it would be a normal week just to get 10. I’m looking forward to what’s next for it.”

2. The enterprise world dodged a big-time bullet with Log4j vulnerability

Vulnerabilities in software supply chain security played out in real time recently with the discovery in December of an exploit in the popular Java-based logging framework known as Apache Log4j. TheCUBE’s interview with Ravi Maira, head of product and partner marketing at Snyk Ltd., revealed how quickly the security community scrambled to minimize the damage and averted a significant crisis.

The open-source Log4j collects diagnostics data from applications written in Java. Researchers found that a critical security flaw in Log4j could be exploited by hackers to break into systems.

Logging is ubiquitous in enterprise applications, which is one of the reasons why the Log4j vulnerability was assigned a Common Vulnerability Scoring System rating of 10, the highest possible ranking. Snyk published a series of bulletins and issued a string of recommendations for applying a fix. Maira’s description of the response revealed how quickly the security industry reacted to avoid a disastrous scenario.

“A large percentage of our Java-using customers had the vulnerability,” Maira noted in his interview. “Once we put it in the database, which was the day it was disclosed, they were able to find and fix it very quickly. So, 91% of our customers fixed that vulnerability in just two days.”

3. Startups are generating a new wave of innovation on top of Kubernetes

Kubernetes, the container orchestration tool now used by over 90% of enterprises, according to the Cloud Native Computing Foundation, is fostering innovative approaches to application and cluster deployment.

A hint of what’s in store can be seen in the technology from Weaveworks Inc. Instead of provisioning infrastructure and fitting applications to it, the startup is seeking to mold infrastructure around the application by leveraging the elastic nature of Kubernetes.

Weaveworks’ approach uses “GitOps” to employ a set of practices that manages applications using cloud-native tools and services. Git, open-source software that tracks file changes, can be used in a Kubernetes cluster to prevent configuration drift.

“GitOps is an instantiation, a version of DevOps,” said Steve George, chief operating officer of Weaveworks, in an interview with theCUBE. “What we’re talking about is using Git as a way of recording what we want to be in the runtime environment and then telling Kubernetes from the configuration that is stored in Git exactly what we want to deploy.”

Watch SiliconANGLE’s and theCUBE’s complete coverage of the AWS Startup Showcase: Open Cloud Innovations event.

(* Disclosure: This is unsponsored editorial. However, theCUBE is a paid media partner for this AWS Startup Showcase. Amazon Web Services Inc. and other sponsors of theCUBE’s event coverage have no editorial control over content on theCUBE or SiliconANGLE.)

Image: Pixabay-PIRO4D
