Project post by Cloud Custodian maintainers
The Cloud Custodian maintainers are happy to announce the completion of a successful security audit with Ada Logics. The Open Source Technology Improvement Fund (OSTIF) facilitated this audit, which was generously funded by the Cloud Native Computing Foundation (CNCF). This audit marks a significant step in our ongoing commitment to strengthening the security posture of Cloud Custodian.
Over the years, Cloud Custodian has become the de-facto standard for cloud governance. The project allows you to codify and automate all aspects of governance, including operations, cost, security, and language. Cloud Custodian is used by thousands of global brands and has over 400 contributors. Before the audit, Cloud Custodian had already implemented robust security measures to safeguard its operations:
- Static Analysis: All pull requests are scanned using Semgrep and Bandit tools, ensuring that code vulnerabilities are identified and rectified early in the development process.
- Secure Artifacts: Docker image artifacts are published with source metadata signed using Cosign, enhancing the integrity of our distributions.
- Safe Releases: Each release is built from a frozen dependency graph, which prevents injection attacks and ensures reproducibility.
Goals and Process of the Audit
The primary objective of the audit conducted by Ada Logics was to strengthen the security framework of Cloud Custodian. The process began with the development of a comprehensive threat model that served as a roadmap for the audit. This model was continuously refined throughout the audit, improving our understanding of, and response to, potential security threats.
Key Activities
- Threat Model Formalization: The establishment of a formal threat model was a crucial first step, providing a structured approach to identifying and mitigating risks.
- Code Audit: A review of the Cloud Custodian codebase led to the identification and remediation of various security vulnerabilities.
- Fuzzing Integration: A significant milestone was the integration of Cloud Custodian into OSS-Fuzz. This facilitates ongoing security testing, allowing for the continuous discovery and resolution of vulnerabilities.
- Fuzzing Suite Development: The team at Ada Logics developed a targeted fuzzing suite specifically for Cloud Custodian. This suite not only tests the resilience of Cloud Custodian against attacks but also sets up a sustainable infrastructure for ongoing security assessments.
Audit Enhancements
Following the audit, several key improvements were made:
- Security Fixes: Adjustments were made to rectify insecure practices related to temporary files and URL handling.
- Enhanced Testing: The introduction of OSS-Fuzz tests has further fortified our security testing capabilities, ensuring continuous vigilance against potential threats.
The insights gained from this audit are invaluable and have significantly contributed to enhancing the security posture of Cloud Custodian. We remain committed to the continuous improvement of Cloud Custodian, ensuring it remains secure and ahead of modern security threats.
We extend our gratitude to Ada Logics for their meticulous work, to OSTIF for their facilitation, and to the CNCF for their support. This collaborative effort underscores our commitment to providing a secure tool that meets the evolving needs of cloud governance.
Resources
OSTIF blog post: ostif.org/cc-audit-complete/