Open sourcing the Kubernetes security audit
Last year, the Cloud Native Computing Foundation (CNCF) began the process of performing and open sourcing third-party security audits for its projects in order to improve the overall security of our ecosystem. The idea was to start with…
SiliconANGLE: "Security audit reveals 34 vulnerabilities in Kubernetes code"
An audit released today by the Cloud Native Computing Foundation has uncovered no fewer than 34 vulnerabilities in the code for Kubernetes, the highly popular open-source container orchestration system.
Container Journal: "CNCF completes Kubernetes cybersecurity audit"
The Cloud Native Computing Foundation (CNCF) this week announced the results of its recent audit performed as part of its ongoing commitment to continuously improve Kubernetes security.
eWeek: "Envoy CNCF project completes security audit, delivers new release"
The Cloud Native Computing Foundation (CNCF) has begun a process of performing third-party security audits for its projects, with the first completed audit coming from the Envoy proxy project. The Envoy proxy project was created by ride-sharing company…
Cloud Custodian completes audit to strengthen security posture and enable continuous assessment
Project post by Cloud Custodian maintainers The Cloud Custodian maintainers are happy to complete a successful security audit with Ada Logics. The Open Source Technology Improvement Fund (OSTIF) facilitated this audit, which was generously funded by the Cloud…
OSTIF’s audit of Argo is complete. Critical and high severity security issues found and fixed.
Community post originally published on OSTIF’s blog Open Source Technology Improvement Fund is happy to report the results of yet another security audit, this time of the Argo project. The Argo project is a collection of tools for getting work done…
OSTIF’s audit of KubeEdge is complete. Multiple security issues found and fixed.
Community post originally published on the OSTIF blog Open Source Technology Improvement Fund (ostif.org) is thrilled to report the results of a security audit of KubeEdge. KubeEdge is an edge computing framework built on top of Kubernetes and…
Kubernetes audit log – gold mine for security
In the security world, one of the most established methods to identify that a system was compromised, abused or mis-configured is to collect logs of all the activity performed by the system’s users and automated services and to…
DevClass: "Security researchers go deep on Helm’s code under CNCF audit process"
The Helm project has passed its mandatory CNCF security audit status, apparently with flying colours.
HelpNetSecurity: "Kubernetes security matures: Inside the project’s first audit"
Auditing 1.5 million lines of code is a heroic undertaking. With resources provided by the Cloud Native Computing Foundation (CNCF), the Kubernetes Project leadership created the Security Audit Working Group to perform an audit in an open, transparent,…