The Open Source Technology Improvement Fund is proud to share the results of our security audit of Inspektor Gadget. Inspektor Gadget is a collection of open source libraries and tools for data collection and inspection of Kubernetes clusters and Linux hosts. With the help of Shielder and the Cloud Native…
For the past 4 years, OSTIF has run a Managed Audit Program for the CNCF. We’ve audited 33 projects in that time, working with maintainers all over the world to reinforce the security health of cloud native open source for billions of end users. Security audits are an effective, sustainable…
2025 marked the 10th year of OSTIF. This year, we published 24 audits, worked on behalf of almost 50 projects, and partnered with 10 different funding bodies to create security outcomes for open source projects. As a result, 231 findings with security impact have been reported and over 98% of…
The Open Source Technology Improvement Fund is proud to share the results of our security audit of CRI-O. CRI-O is an implementation of the Kubernetes Container Runtime Interface (CRI) that is OCI-compliant (-O) that provides the backend between OCI-format container images and the Kubernetes control plane. With the help of…
The Open Source Technology Improvement Fund (OSTIF) is proud to share the results of our security audit of KubeVirt. KubeVirt is short for Kubernetes Virtualization, as the project is an API and runtime for managing virtual machines. With the help of Quarkslab and the Cloud Native Computing Foundation (CNCF), this…
The Open Source Technology Improvement Fund is proud to share the results of our security audit of Volcano. Volcano is an open source cloud native batch scheduling system offering among other things queue management and multi-cluster scheduling. With the help of Ada Logics and the Cloud Native Computing Foundation (CNCF),…
OSTIF is proud to share the results of our security audit of NATS. NATS is an open source project made by Synadia Communications for secure always-on messaging for a variety of digital formats and clients. With the help of Trail of Bits and the Cloud Native Computing Foundation, this project…
The Open Source Technology Improvement Fund is proud to share the results of our security audit of ztunnel. ztunnel is the open source node proxy implementation of Istio’s ambient mesh mode. Moving forward from this collaboration between Istio, Trail of Bits, and the Cloud Native Computing Foundation, there is reasonable…
The Open Source Technology Improvement Fund (OSTIF) is proud to share the results of our security audit of Linkerd. Linkerd is an open source service mesh for Kubernetes which prioritizes reliability, security, and simplicity. Thanks to the help of 7ASecurity and the Cloud Native Computing Foundation, this project can continue…
OSTIF is proud to share the results of our second security audit of Notary Project. Notary Project is “a set of specifications and tools intended to provide a cross-industry standard for securing software supply chains by using authentic container images and other OCI artifacts.”* With the help of Quarkslab and…