Search results for: security audit


Continued security improvements to CNCF projects with OSTIF audits

Posted on December 12, 2024

The Open Source Technology Improvement Fund, Inc (OSTIF) is thrilled to mark another successful year of helping CNCF projects with security audits. Since this partnership began in 2021, a total of 13 projects have graduated following…


Cloud Custodian completes audit to strengthen security posture and enable continuous assessment

Posted on April 19, 2024

Project post by Cloud Custodian maintainers The Cloud Custodian maintainers are happy to complete a successful security audit with Ada Logics. The Open Source Technology Improvement Fund (OSTIF) facilitated this audit, which was generously funded by…


OSTIF’s audit of Argo is complete. Critical and high severity security issues found and fixed.

Posted on July 19, 2022 | OSTIF

Community post originally published on OSTIF’s blog Open Source Technology Improvement Fund is happy to report the results of yet another security audit, this time of the Argo project. The Argo project is a collection of tools for getting…


OSTIF’s audit of KubeEdge is complete. Multiple security issues found and fixed.

Posted on July 11, 2022

Community post originally published on the OSTIF blog Open Source Technology Improvement Fund (ostif.org) is thrilled to report the results of a security audit of KubeEdge. KubeEdge is an edge computing framework built on top of…


Kubernetes audit log – gold mine for security

Posted on December 20, 2019

In the security world, one of the most established methods to identify that a system was compromised, abused or mis-configured is to collect logs of all the activity performed by the system’s users and automated services…


DevClass: "Security researchers go deep on Helm’s code under CNCF audit process"

Posted on November 5, 2019

The Helm project has passed its mandatory CNCF security audit status, apparently with flying colours.


HelpNetSecurity: "Kubernetes security matures: Inside the project’s first audit"

Posted on August 12, 2019

Auditing 1.5 million lines of code is a heroic undertaking. With resources provided by the Cloud Native Computing Foundation (CNCF), the Kubernetes Project leadership created the Security Audit Working Group to perform an audit in an…


Security Profiles Operator v1: Stable APIs, Security Hardened, and Shaping Upstream Kubernetes

Posted on June 26, 2026 | Sascha Grunert (Red Hat)

Linux provides powerful kernel-level security mechanisms, seccomp, SELinux, and AppArmor, that restrict what containerized workloads can do. Each uses profiles that define permitted behavior, but writing, distributing, and maintaining those profiles by hand is tedious and…


Why cloud native belongs at the heart of agentic AI: Lessons from building a multi-agent security platform on Kubernetes

Posted on June 17, 2026 | Willem Berroubache, Lead Security Architect (Orange Innovation) and CNCF Golden Kubestronaut.

In March, I gave a talk at KubeCon + CloudNativeCon Europe 2026 in Amsterdam. After the session, the same questions kept coming up on the CNCF Slack and in person: why build agentic AI on cloud…


Building a cloud native internal developer platform with Kubernetes, GitOps, and supply chain security

Posted on May 29, 2026 | Abu Hena Mostafa Kamal, CNCF Kubestronaut and Senior Software Engineer

Modern software delivery is no longer constrained by application code — it is constrained by the platform that runs it. This article presents the design of a cloud-native Internal Developer Platform (IDP) built on Kubernetes and…