OSTIF is proud to share the results of our security audit of CloudCustodian. CloudCustodian is an open source rules engine for cloud infrastructure management. Thanks to the help of Ada Logics and the Cloud Native Computing Foundation, this project underwent a third-party security audit to help strengthen CloudCustodian’s security as…
OSTIF is proud to share the results of our security audit of cert-manager. Cert-manager is an open source project for certificate management in Kubernetes. With the help of Ada Logics and the Cloud Native Computing Foundation, this project can apply for graduation through the CNCF. Audit Process: In order to…
OSTIF and the CNCF are proud to announce the completion of a security audit of CubeFS. The project, which provides cloud-native storage across a variety of access protocols, was audited by the team at Ada Logics during the Fall of 2023. The security audit for CubeFS was designed to be…
We at OSTIF are excited to announce the 2023 Cloud Native Computing Foundation Audit Impact Report. This is the second year of the program between the two organizations, which combines funding and projects from the CNCF with OSTIF’s auditing resources to synthesize security engagements. Over the last two years, this collaboration…
OSTIF is happy to announce the completion of Knative’s security audit. The audit covered the core sub projects of Knative: Eventing, Serving and Pkg with minor focus on Knative extensions, Func and Security-Guard. The audit was a holistic audit, covering different aspects of Knative’s security including threat modeling, manual code…
Open source project Kyverno completed a security audit by OSTIF and Ada Logics in the fall of 2023 in continued partnership with the CNCF. This engagement was organized to be a holistic review of the Kubernetes policy engine, including threat modeling, manual code auditing, fuzzing and supply-chain review. The security…
OSTIF is proud to announce the publication of a security audit on the Kubernetes cluster tooling Flux in collaboration with Trail of Bits. Performed over four engineer weeks, this is the second security audit with OSTIF that Flux has undertaken, the first having taken place in November 2021. Repeated security…
OSTIF and wasmCloud collaborated with Trail of Bits on a security audit of the application which is a deployment platform for distributed Wasm application development. The engagement priorities are listed as, but not limited to: wasmCloud sandboxing capabilities of user-provided code, if users were appropriately limited in their accessible features…
This summer, over four engineer weeks, Trail of Bits and OSTIF collaborated on a security audit of DragonFly. A CNCF Incubating Project, DragonFly functions as file distribution for peer-to-peer technologies. Included in the scope was the sub-project Nydus’s repository that works in image distribution. The engagement was outlined and framed…
In May and June of 2023, OSTIF and ADA Logics worked with the open source project Dapr on a holistic security audit. The Distributed Application Runtime (or Dapr) is a project for building distributed applications across cloud and edge. It is an easy, portable, and serverless way to build sustainable…