The Notary project completes fuzzing security audit
Community post also published on the Notary blog by Adam Korczynski, David Korczynski, and Feynman Zhou. Reviewed by Pritesh Bandi, Samir Kakkar, Shiwei Zhang, Toddy Mladenov, Vani Rao, Yi Zha. The Notary Project is happy to announce the…
“A well-secured project”: Cilium security audits 2022 published
Project post by Liz Rice, Isovalent, for the Cilium project. One of the benefits for CNCF projects is the funding of third-party security audits and testing. These help projects identify potential vulnerabilities in their code and process improvements…
Istio publishes results of 2022 security audit
Project post originally published on the Istio blog by Craig Box. Security review of Istio finds a CVE in Go standard library. Istio is a project that platform engineers trust to enforce security policy in their production Kubernetes…
Backstage security audit & updates
Project post originally posted on the Backstage blog by Patrik Oldsberg, Spotify. TL;DR: Backstage’s security posture continues to mature! Today, we’re releasing a report from an independent security audit and the first version of the Backstage Threat Model….
Improving CNCF security posture with independent security audits
When Policy meets Execution. Community post by Amir Montazery, Managing Director, Open Source Technology Improvement Fund. In this blog post, we present an overview of independent audits conducted at the end of 2021 and first half of 2022….
2022 Argo external security audit: Lessons learned
Project post cross-posted from the Argo Blog by Michael Crenshaw. In early 2022, the Argo team and CNCF began work with Ada Logics to perform a security audit on the four Argo projects. Ada Logics discovered a number…
Announcing the completion of Linkerd’s 2022 Security Audit
Linkerd project cross-post by William Morgan. Today we’re happy to announce the completion of Linkerd’s annual security audit, conducted by Trail of Bits and funded by the Cloud Native Computing Foundation. As part of Linkerd’s commitment to openness, transparency, and security…
Ada Logics: CRI-O holistic security audit engagement
Community post originally on the Ada Logics blog by David Korczynski, Security Research & Security Engineering, and Adam Korczynski, Security Engineering & Security Automation, Ada Logics. Ada Logics Ltd. recently performed a holistic security audit of CRI-O. CRI-O is…
Flux Security Audit has concluded
Project post cross-posted from the Flux blog. As Flux is an Incubation project within the Cloud Native Computing Foundation, we were graciously granted a sponsored audit. The primary aim was to assess Flux’s fundamental security posture and to…
Open sourcing the SPIFFE/SPIRE security audit
A few years back, CNCF began performing and open sourcing third-party security audits for projects to improve the overall security of our ecosystem. These audits have helped identify security issues, from general weaknesses to critical vulnerabilities, and given…