Search results for: security audit


eWeek: "Envoy CNCF project completes security audit, delivers new release"

Posted on March 23, 2018

The Cloud Native Computing Foundation (CNCF) has begun a process of performing third-party security audits for its projects, with the first completed audit coming from the Envoy proxy project. The Envoy proxy project was created by ride-sharing company…


OSTIF’s audit of Argo is complete. Critical and high severity security issues found and fixed.

Posted on July 19, 2022 | By OSTIF

Community post originally published on OSTIF’s blog. Open Source Technology Improvement Fund is happy to report the results of yet another security audit, this time of the Argo project. The Argo project is a collection of tools for getting work done…


OSTIF’s audit of KubeEdge is complete. Multiple security issues found and fixed.

Posted on July 11, 2022

Community post originally published on the OSTIF blog. Open Source Technology Improvement Fund (ostif.org) is thrilled to report the results of a security audit of KubeEdge. KubeEdge is an edge computing framework built on top of Kubernetes and…


Kubernetes audit log – gold mine for security

Posted on December 20, 2019

In the security world, one of the most established methods to identify that a system was compromised, abused or mis-configured is to collect logs of all the activity performed by the system’s users and automated services and to…


DevClass: "Security researchers go deep on Helm’s code under CNCF audit process"

Posted on November 5, 2019

The Helm project has passed its mandatory CNCF security audit status, apparently with flying colours.


HelpNetSecurity: "Kubernetes security matures: Inside the project’s first audit"

Posted on August 12, 2019

Auditing 1.5 million lines of code is a heroic undertaking. With resources provided by the Cloud Native Computing Foundation (CNCF), the Kubernetes Project leadership created the Security Audit Working Group to perform an audit in an open, transparent,…


Only one label to improve your Kubernetes security posture, with the Pod Security Admission (PSA) — just do it!

Posted on October 12, 2023

Community post originally published on Medium by Mathieu Benoit. In Kubernetes 1.25 as stable (and since 1.23 as beta), the Pod Security admission (PSA) controller replaces PodSecurityPolicy (PSP), making it easier to enforce predefined Pod Security Standards (PSS) by simply adding a label to…


Kubernetes security: best practices for Kubernetes secrets management

Posted on September 28, 2023 | By John Walsh

Guest post originally published on the CyberArk blog by John Walsh. Kubernetes has come a long way since its inception. But as the adoption of containerization has grown, Kubernetes security continues to be top of mind. Red Hat’s “The State of…


Automated security in GitOps pipelines with Weave Policy Engine

Posted on August 31, 2023 | By Twain Taylor

Member post originally published on the Weaveworks blog by Twain Taylor. Discover the power of Weave Policy Engine for automated security in GitOps pipelines. Strengthen your Kubernetes applications’ security and compliance with policy-as-code enforcement. Learn more. Enterprises stepping…


Supply chain security framework: S2C2F

Posted on August 4, 2023

Guest post originally published on the SIGHUP blog by Simone Ragonesi. In this article, we will introduce you to S2C2F. The Secure Supply Chain Consumption Framework is a combination of requirements and tools for any organization to adopt…