The Open Source Technology Improvement Fund is proud to share the results of our security audit of Inspektor Gadget. Inspektor Gadget is a collection of open source libraries and tools for data collection and inspection of Kubernetes clusters and Linux hosts. With the help of Shielder and the Cloud Native Computing Foundation (CNCF), this project received a security audit reviewing Inspektor Gadget’s core components.
Audit Process:
Executed during early 2026, this engagement consisted of thirty-five person-days of effort between two Shielder auditors. The audit included the collaborative development of a threat model, manual and AI-assisted code review, dynamic testing, and static analysis on the core components. While Inspektor Gadget leverages eBPF to execute its functionality, the security of the eBPF validator and WASM runtime are out of scope of this threat model and audit.
Audit Results:
- 3 Findings with Security Impact (all patched)
  - 2 Medium
  - 1 Low
- 6 Hardening Recommendations
- Formal Threat Model
- Future Security Work Recommendations
Microsoft engineers Francis Laniel and Mauricio Vasquez represented Inspektor Gadget as project maintainers. They worked directly with Shielder auditors during the engagement to align on scope, vulnerability impact, and fix resolution. They addressed all three issues and are working on incorporating the six hardening recommendations. Update to the newest release of the project to take advantage of this hard work by the maintainers and auditors, and if you would like to contribute to Inspektor Gadget, visit their contributor webpage.
Thank you to the individuals and groups that made this engagement possible:
- Inspektor Gadget maintainers and community, especially: Francis Laniel and Mauricio Vasquez
- Shielder: Davide Silvetti, Nicolò Daprelà, Pietro Tirenna, and Abdel Adim Oisfi
- Cloud Native Computing Foundation
You can read the Audit Report HERE
You can read Inspektor Gadget’s Blog HERE
You can read Shielder’s Blog HERE
You can read Microsoft’s Blog HERE
Everyone around the world depends on open source software. If you’re interested in financially supporting this critical work, reach out to [email protected] and follow our meetup calendar: https://lu.ma/ostif-meetups