The Cloud Native Computing Foundation released their first Project Journey Report for Kubernetes. This is the first of several such reports they’ll be issuing for CNCF graduated projects. Here’s the backstory.
The largest CNCF-hosted project is Kubernetes. It is the most widely used container orchestration platform today, often described as the “Linux of the cloud”. CNCF’s efforts to nurture the growth of Kubernetes span a wide range of activities from organizing and running the enormously successful Kubecon + CloudNativeCon events to creating educational MOOCs and end user communities to certifying that different versions of Kubernetes are conformant. We even underwrite security audits. All of this is funded by CNCF’s membership dues and revenues from sponsorship and registration at our conferences.
Continue reading “CNCF released Kubernetes Project Journey Report”
Last year, the Cloud Native Computing Foundation (CNCF) began the process of performing and open sourcing third-party security audits for its projects in order to improve the overall security of our ecosystem. The idea was to start with a handful of projects and gather feedback from the CNCF community as to whether or not this pilot program was useful. The first projects to undergo this process were CoreDNS, Envoy and Prometheus. These first public audits identified security issues from general weaknesses to critical vulnerabilities. With these results, project maintainers for CoreDNS, Envoy and Prometheus have been able to address the identified vulnerabilities and add documentation to help users.
Continue reading “Open Sourcing the Kubernetes Security Audit”