Bugs? Search Me!- OpenSearch Security Audit Completed!

OSTIF and X41-Dsec collaborated with OpenSearch on a security audit of v. 2.8.0 of the open source search engine. As a search engine, this project handles sensitive data, so security is of utmost importance to the project's users, maintainers, and community. The main objective of this security audit was to…


OSTIF’s Favorite Bug- DragonFly!

This summer, over four engineer-weeks, Trail of Bits and OSTIF collaborated on a security audit of DragonFly. A CNCF Incubating Project, DragonFly functions as file distribution for peer-to-peer technologies. Also in scope was the repository of the sub-project Nydus, which works in image distribution. The engagement was outlined and framed…


Dampening Vulnerabilities in Dapr: Security Audit of Dapr

In May and June of 2023, OSTIF and ADA Logics worked with the open source project Dapr on a holistic security audit. The Distributed Application Runtime (or Dapr) is a project for building distributed applications across cloud and edge. It is an easy, portable, and serverless way to build sustainable…
