Add Confidential Containers Incubation Due Diligence Report by kevin-wangzefeng · Pull Request #2199 · cncf/toc

kevin-wangzefeng · 2026-06-16T19:24:01Z

This PR contains the due diligence for Confidential Containers (CoCo) to be an Incubation project in CNCF.

Project application issue: #1504.

Overall, CoCo meets all the necessary criteria for Incubation. The project has demonstrated strong community engagement, active development, and a solid foundation of users and adopters.

This PR is now available for TOC review and public comment. Period open until June 30th, 2026.

Signed-off-by: Kevin Wang <kevinwzf0126@gmail.com>

…tion DD Signed-off-by: Kevin Wang <kevinwzf0126@gmail.com>

Signed-off-by: Kevin Wang <kevinwzf0126@gmail.com>

Co-authored-by: Faseela K <k.faseela@gmail.com> Signed-off-by: Kevin Wang <kevinwzf0126@gmail.com>

Signed-off-by: Kevin Wang <kevinwzf0126@gmail.com>

fitzthum

Thanks @kevin-wangzefeng

Two little notes but this looks great

fitzthum · 2026-06-23T19:41:51Z

+- **Document subproject governance details**: The subproject removal process, per-subproject maturity status, and a public per-subproject maintainer list are not yet documented and should be completed before graduation.
+- **Integrate with the official CNCF calendar**: Weekly community meetings are documented in a public Google Doc; adding them to the official CNCF calendar would make them easier to find.
+- **Keep the contributing guide current**: The contributing guide has not been updated since 2024 and should be reviewed periodically to match the current state of the project.
+- **Fix the short-term roadmap board link**: The short-term roadmap link to the Confidential Containers GitHub board in `roadmap.md` is broken (outdated "view") and should be corrected.


This should be fixed by confidential-containers/confidential-containers#366

fitzthum · 2026-06-23T19:44:21Z

+
+### Adoption Evaluation
+
+The TOC interviewed four adopters of Confidential Containers — IBM, NVIDIA, AccuKnox, and TDC — spanning hardware vendors, cloud and security vendors, telecom, and enterprise IT across multiple geographies. All four reported pre-production or dev/test usage on recent releases (versions 0.13 through 0.18), which matches the level of adoption expected for Incubation. Several adopters also contribute upstream or hold maintainer roles, and most track the project closely as the foundation for downstream products.


The NVIDIA Reference Architecture for Confidential Containers is GA now btw https://docs.nvidia.com/datacenter/cloud-native/confidential-containers/latest/overview.html

But this hadn't happened yet when the interview was conducted, so fine to keep as is

kevin-wangzefeng requested a review from a team as a code owner June 16, 2026 19:24

github-actions Bot added needs-triage Indicates an issue or PR that has not been triaged yet (has a 'triage/foo' label applied) needs-kind Indicates an issue or PR that is missing an issue type or kind (a kind/foo label) labels Jun 16, 2026

github-project-automation Bot added this to TAG Infrastructure, TAG Developer Experience, TAG Operational Resilience, TAG Workloads Foundation, CNCF TOC Board and TAG Security and Compliance Jun 16, 2026

github-actions Bot added the needs-group Indicates an issue or PR that has not been assigned a group (toc or tag/foo label applied) label Jun 16, 2026

github-project-automation Bot moved this to New in CNCF TOC Board Jun 16, 2026

kevin-wangzefeng mentioned this pull request Jun 16, 2026

[Incubation] Confidential Containers Incubation Application #1504

Open

47 tasks