Re: [k8s-sig-security] Linux Foundation security scanning results for K8s

Stephen Augustus

Dec 3, 2020, 11:49:19 AM
to Lubomir I. Ivanov, kubernetes-se...@googlegroups.com, kubernetes-...@googlegroups.com, Davanum Srinivas, release-...@kubernetes.io
+security-discuss

On Thu, Dec 3, 2020, 11:38 Lubomir I. Ivanov <neol...@gmail.com> wrote:
hello, SIG Security.

this is Lubomir from SIG Cluster Lifecycle.

the Linux Foundation recently started doing security scanning of
projects including Kubernetes and they have shared the results for
that here:
https://security.lfx.linuxfoundation.org/#/
the tooling seems new and may be producing a lot of false positives.

i was told that obtaining access to these results for Kubernetes is
not possible for arbitrary contributors and is gated by the k8s
Product Security Committee. i tried contacting the PSC about this (on
Monday) to get their position on this topic, but i'm yet to receive a
reply.

is this something that you have been watching and what are your
thoughts about it?

thanks!
lubomir