Open Source Summit India 2025

India, US, EU, and other governments introduced cybersecurity regulations for anyone distributing software. Any software maintainer, contributor, and developer, needs to be aware of their software dependencies and any associated risk (vulnerabilities, licensing issues, unmaintained software, unknown origin), and how to efficiently manage these software components. This is most often – and now regulated – with SBOMs.

Container security approaches often focus heavily on image scanning while neglecting runtime protection, creating dangerous blind spots in cloud native architectures. Organizations deploy seemingly secure containers only to discover exploits targeting runtime vulnerabilities that bypass static analysis entirely. Our talk introduces a comprehensive defense-in-depth strategy that combines supply chain validation, admission controls, and runtime behavior analysis to detect and prevent sophisticated attacks. We'll demonstrate real-world attack patterns and how open source toolkits like Falco, SPIFFE, and AppArmor can be used for runtime protection, focusing on workload attestation and behavioral fingerprinting techniques that traditional security scanners often miss.

The growing complexity of cloud-native environments has made incident detection and remediation increasingly challenging, with engineers often spending precious hours sifting through disconnected telemetry data. This talk demonstrates how Model Context Protocol (MCP) which an open protocol for building agent applications bridges the gap between OpenTelemetry data and AI-powered analysis to dramatically reduce Mean Time to Recovery.

APIs are the backbone of modern applications, yet they remain the #1 attack surface for cyber threats. SecuAPI is an AI-powered API security scanner designed to automate vulnerability detection, anomaly detection, and remediation. This session will cover how SecuAPI leverages ML models to detect unusual API behavior, enforces security best practices, and integrates seamlessly with DevSecOps workflows. Attendees will gain insights into API security trends, real-world attack scenarios, and how AI-driven security can proactively protect APIs without manual intervention. Whether you're a developer, security engineer, or DevOps professional, this talk will help you enhance API security while ensuring compliance and scalability.

Kubernetes is built to scale—but how do you prove it? Whether optimizing for cost or deploying at hyper-scale, benchmarking is crucial to understanding where your clusters thrive and where they break. Enter Kube-burner and Cluster Loader 2, two powerful tools designed to push Kubernetes to its limits and expose performance bottlenecks before your users do.