Our Audit of sigstore is complete. High risk vulnerability found and fixed.

We’re excited to report the results for the security audit of sigstore.  Sigstore is a new standard for signing, verifying and protecting software; and has quickly grown into a premier tool for securing the software supply chain. The security review was facilitated by Open Source Technology Improvement Fund and carried…

Continue ReadingOur Audit of sigstore is complete. High risk vulnerability found and fixed.

Our Audit of Argo is Complete. Critical and High Severity Security Issues Found and Fixed.

Open Source Technology Improvement Fund is happy to report the results of yet another security audit, this time of the Argo project. The Argo project is a collection of tools for getting work done with Kubernetes. The main components of Argo audited are:  Argo Workflows - Container-native Workflow Engine Argo…

Continue ReadingOur Audit of Argo is Complete. Critical and High Severity Security Issues Found and Fixed.

Our Audit of KubeEdge is Complete. Multiple Security Issues Found and Fixed.

Open Source Technology Improvement Fund (ostif.org) is thrilled to report the results of a security audit of KubeEdge. KubeEdge is an edge computing framework built on top of Kubernetes and extends native containerized application orchestration and management to hosts at the edge. The result of this engagement is the finding…

Continue ReadingOur Audit of KubeEdge is Complete. Multiple Security Issues Found and Fixed.