Software Engineering

NOVA Code and Coffee is an inclusive, informal, co-working session. People of all skill levels are invited. The concept is simple, bring a laptop and ideas, we'll provide the coffee and donuts! Here's how it works: 1. At 10:15 everyone introduces themselves and briefly describes what brought them to Code & Coffee today (project, homework, networking, etc) 2. For the rest of the day, folks work in the communal space on their projects providing one another help and conversation as needed. Oh and they usually drink coffee and tea too! That's it! Hope to see you there! **Location** Our hosts are the Fairfax City Economic Development Building: [10300 Eaton Pl, Fairfax, VA 22030](https://www.bing.com/ck/a?!&&p=d7298231ca2df594df822003f9a93517c788fceefe1fcbb79c8976696e341bc6JmltdHM9MTc1MzIyODgwMA&ptn=3&ver=2&hsh=4&fclid=180d0745-3b7f-69a1-23a2-11433a7868e5&u=a1L21hcHM_Jm1lcGk9MTA5fn5Ub3BPZlBhZ2V-QWRkcmVzc19MaW5rJnR5PTE4JnE9RmFpcmZheCUyMENpdHklMjBFY29ub21pYyUyMERldmVsb3BtZW50JnNzPXlwaWQuWU44NzN4ODI4MTk2Mjg0NTk5MDM4MTU0MiZwcG9pcz0zOC44NjE0NDYzODA2MTUyMzRfLTc3LjMwMjE3NzQyOTE5OTIyX0ZhaXJmYXglMjBDaXR5JTIwRWNvbm9taWMlMjBEZXZlbG9wbWVudF9ZTjg3M3g4MjgxOTYyODQ1OTkwMzgxNTQyfiZjcD0zOC44NjE0NDZ-LTc3LjMwMjE3NyZ2PTImc1Y9MSZGT1JNPU1QU1JQTA&ntb=1) Conference Room A- Large, Floor 1 This is a new venue for us, so give us some time to get more details about it. Driving is the best option. There is plenty of free on-site parking. Otherwise, we are a 22 minute bus from the Vienna Metro Station. Bicycling from Vienna is possible but difficult, though once you are here, there's a bike rack in the garage behind the building, and there's also a Capital Bikeshare dock 15 min walk away. **Sponsored by:** Thank you [Fairfax City Economic Development](https://gofairfaxcity.com/) and [Mason Enterprise Center](https://enterprise.gmu.edu/) for making this event possible! **Thank you so much to our wonderful sponsors!** Organized by [DMV Petri Dish](https://www.dmvpetridish.com/) **[Code of Conduct](https://github.com/NoVACodeCoffee/admin/blob/master/code-of-conduct.md):** We value the participation of each member of the community and want all attendees to have an enjoyable and fulfilling experience. To make clear what is expected, all delegates/attendees, organizers, and volunteers at any Nova Code & Coffee events are required to conform to our [Code of Conduct](https://github.com/NoVACodeCoffee/admin/blob/master/code-of-conduct.md).

# 💼 **Build With Me #3: Build Your Idea (Working Session)** 🗓 Wednesday \| 7–9 PM 📍 Venue: AWS HQ2: 1770 Crystal Dr, Arlington, VA 22202 Now it’s your turn. In this session, we take real ideas from the audience and start building them — together. *** ## ⚡ What We’ll Do * Select a few audience ideas * Break them into simple, buildable versions * Start building live (with guidance and feedback) * Share progress and next steps *** ## 🧠 What You’ll Learn * How to evaluate if an idea is worth building * What the *simplest version* should look like * Where AI helps — and where you need to think *** ## 🎯 Who This Is For * Anyone with an idea (big or small) * People who want hands-on experience * Builders ready to take the next step *** You don’t need a perfect plan. You just need to start. *** Bring your ideas. Let’s build.

We’re excited to bring the community together for an evening of learning and connection. This time, we'll have a community member from Chainguard sharing a use case and, as usual, an Elastic employee sharing their expertise as well. Come support your fellow developers, learn something new, and meet others who are passionate about search, observability, and security. **Date and Time:** Tuesday, May 19th, from 5:30-7:30 pm EDT **Location:** Elastic Arlington Office - 4100 Fairfax Drive, Ste 500, Arlington, VA 22203 **Agenda:** * 5:30 pm: Doors open; say hi, grab a seat, and eat some food. * 6:00 pm: The SBOM Pile in Your S3 Bucket: Turning Bills of Materials Into a Risk Dashboard; and Watching It Shrink with Chainguard, by Mike Barreta, Senior Manager, Engineering at Chainguard * 6:30 pm: Q&A * 6:40 pm: **Agentic Observability: Next-Gen Alerting and Auto-Detected Significant Events**, by Jason Rhodes, Senior Manager, Software Engineering at Elastic * 7:10 pm: Q&A * 7:20-7:30 pm: Networking & refreshments **Talk Abstracts:** **"The SBOM Pile in Your S3 Bucket: Turning Bills of Materials Into a Risk Dashboard; and Watching It Shrink with Chainguard**" Most organizations now generate SBOMs because someone — EO 14028, a FedRAMP auditor, an ISSM — told them to. They land in an S3 bucket, get versioned, and are almost universally never queried. This talk is about what happens when you finally do. I'll stand up a self-contained Elastic stack, pour in SBOMs (SPDX), SLSA provenance, Sigstore signatures, Grype vulnerability scans, the CISA KEV catalog, and OpenVEX adjudication for 30 container images, and show the queries that only become possible once SBOMs stop being compliance artifacts and start being telemetry: which packages I actually run right now, which CVEs are real exposures versus VEX-suppressed noise, what swapping a stock image for its Chainguard equivalent would buy me, and how much of my CVE list is just stuff I inherited from the base layer. Then the cleanup. The same dashboards on Chainguard images show what disappears when the SBOM is small, the signatures verify, and the advisory feed is active: \~9,000 fewer CVEs and \~2.5 GB saved across 20 image pairs, KEV exposure dropping from 7 hits to 0, compliance pass rate going from 0% to 76.5% against NIST 800-218 / FedRAMP Moderate / SSDF. **Bio:** Mike Barretta leads Chainguard’s public sector solutions engineering team, focused on helping ensure the federal government receives its fair share of the future. Barretta has worked across civilian, defense and intel programs in a variety of roles—software developer, data scientist, solution architect—for a variety of organizations—system integrators, consulting companies, software vendors—with the common purpose of creating and championing technologies and techniques for simplifying the extraction and utilization of information from lots of data. Having witnessed the ever-increasing threats to those systems, Barretta is now focused on methods and mitigations to secure them **Agentic Observability: Next-Gen Alerting and Auto-Detected Significant Events** We're rebuilding Elastic's alerting engine to make alerts more flexible\, more powerful\, and more valuable as data\. Next\-gen alerting rules will run anything ES\|QL supports and capture whatever fields matter to you\, so alerts carry the context you need for real downstream analysis\. And if you'd rather not manage these rules yourself\, AI agents can help\, drafting them from natural language\, recommending tuning and configuration changes\, and reducing noise through deduplication\. On top of this, we're also building a new Significant Events system which automatically builds a continuously updated knowledge base of your incoming data's own metadata. Using this deep understanding, our agentic tools will detect significant events from log patterns, anomalies, and predicted behavior — without you having to create a single rule. **Bio:** Jason Rhodes is a software engineering lead at Elastic, where he works on alerting and observability features. Based in the DC area, he has over 15 years of experience in software development and has been an active contributor to the local tech community — creating and organizing Baltimore NodeSchool and charmCityJS. When he's not writing and reviewing code, he's probably watching too many movies. **Parking:** * The building’s parking garage is operated by Colonial Parking and is located off N. Randolph Street * Book a spot on[ SpotHero](https://spothero.com/search?kind=address&latitude=38.8818514&longitude=-77.1095268&search_string=4100+Fairfax+Dr+%23500%2C+Arlington%2C+VA+22203%2C+USA) * A Metro Station is located across the street

Want to mess with some electronics? Or perhaps contribute to HacDC's main group project? HacDC's latest event brings hardware projects to the community. We will focus primarily on the main project (Space Blimp!) but please feel free to bring some of your own projects to show off and work on!

meet at Tysons Corner Mall Upper Level Food Court

Today we are Steve's Lab. RSVP and you'll be sent the location. It's in Silver Spring. ***Join us for an evening in an electronics lab where we will attempt to run clean scans of graphene and gold samples, and then clean up that data with post processing.*** This is a high sensitivity experiment, and we do not plan on being successful so early. But we've had promising results lately - so we will be putting in the time. We are NOT meeting at our usual location, but rather at Steve's house/lab. If you RSVP, you will get a DM with the address but it's located in Silver Spring. We will attempt full, clean lab - clean tip repeated scanning tests to see what we can learn and improve. We will experiment with online attendees, but if all possible showing up in person is strongly encouraged. Online join link is: - [https://meet.jit.si/mocomakers](https://meet.jit.si/mocomakers) Our community is building (and documenting for other teams) how to build a scanning tunneling microscope using a mix of common and 3D printed parts. This will allow us to scan and visualize a single atom - an ambitious we are doing over the course of a few months. The MoCo Makers community is one of the most innovative and competent groups in Maryland, and we've done everything from [publishing cancer research](https://pubmed.ncbi.nlm.nih.gov/38136356/), to [launching products](https://www.kickstarter.com/projects/gotim/cozy-curvy-multi-contour-pillow), [winning grants](https://covidinfocommons.datascience.columbia.edu/awards/2014255), and inspiring thousands. Now our biggest challenge yet has appeared. We are building a Scanning Tunneling Microscope, that will allow us to scan and visualize single atoms. To get a better idea of what we are doing, see our reference project here: [https://www.youtube.com/watch?v=7N3OqTEq08g](https://www.youtube.com/watch?v=7N3OqTEq08g) All starting CAD, code, and reference files should exist. However, let's be the first Maker community to document the build process and share it with learners around the world. We will be publishing our work here -[ https://hackaday.io/project/202816-qt-panda](https://hackaday.io/project/202816-qt-panda) If you need a ride, let us know.