Search results for: security audit


New Kubernetes security audit complete and open sourced

Posted on April 19, 2023

By Chris Aniszczyk (@cra) and Rey Lejano

In 2018, the Cloud Native Computing Foundation (CNCF) started performing and open sourcing third-party security audits with the goal of improving the overall security practices of our ecosystem. Since then, Argo,…


Helm completes fuzzing security audit

Posted on March 31, 2023

Project post originally published on Helm blog by Adam Korczynski, David Korczynski, and Martin Hickey

In the past year, the team at Ada Logics has worked on integrating continuous fuzzing into the Helm core project. This was an effort focused on…


Crossplane completes fuzzing security audit

Posted on March 24, 2023

Community post originally published on the Crossplane blog by Adam Korczynski and Jared Watts

Crossplane is happy to announce the successful completion of our fuzzing security audit. The work was carried out by the team at Ada Logics…


The Notary project completes fuzzing security audit

Posted on March 21, 2023

Community post also published on the Notary blog by Adam Korczynski, David Korczynski, and Feynman Zhou

Reviewed by Pritesh Bandi, Samir Kakkar, Shiwei Zhang, Toddy Mladenov, Vani Rao, Yi Zha

The Notary Project is happy to announce the…


“A well-secured project”: Cilium security audits 2022 published

Posted on February 13, 2023 | By Liz Rice

Project post by Liz Rice, Isovalent, for the Cilium project

One of the benefits for CNCF projects is the funding of third-party security audits and testing. These help projects identify potential vulnerabilities in their code and process improvements…


Istio publishes results of 2022 security audit

Posted on January 30, 2023

Project post originally published on the Istio blog by Craig Box

Security review of Istio finds a CVE in Go standard library

Istio is a project that platform engineers trust to enforce security policy in their production Kubernetes…


Backstage security audit & updates 

Posted on August 30, 2022 | By Patrik Oldsberg

Project post originally posted on the Backstage blog by Patrik Oldsberg, Spotify

TL;DR: Backstage’s security posture continues to mature! Today, we’re releasing a report from an independent security audit and the first version of the Backstage Threat Model….


Improving CNCF security posture with independent security audits

Posted on August 8, 2022 | By Amir Montazery

When Policy meets Execution

Community post by Amir Montazery, Managing Director, Open Source Technology Improvement Fund

In this blog post, we present an overview of independent audits conducted at the end of 2021 and first half of 2022….


2022 Argo external security audit: Lessons learned

Posted on July 19, 2022 | By Michael Crenshaw

Project post cross-posted from the Argo Blog by Michael Crenshaw

In early 2022, the Argo team and CNCF began work with Ada Logics to perform a security audit on the four Argo projects. Ada Logics discovered a number…


Announcing the completion of Linkerd’s 2022 Security Audit

Posted on June 28, 2022 | By William Morgan

Linkerd project cross-post by William Morgan

Today we’re happy to announce the completion of Linkerd’s annual security audit, conducted by Trail of Bits and funded by the Cloud Native Computing Foundation. As part of Linkerd’s commitment to openness, transparency, and security…