hello, SIG Security.
this is Lubomir from SIG Cluster Lifecycle.
the Linux Foundation recently started doing security scanning of
projects including Kubernetes and they have shared the results for
that here:
https://security.lfx.linuxfoundation.org/#/
the tooling seems new and may be producing a lot of false positives.
i was told that obtaining access to these results for Kubernetes is
not possible for arbitrary contributors and is gated by the k8s
Product Security Committee. i tried contacting the PSC about this (on
Monday) to get their position on this topic, but i'm yet to receive a
reply.
is this something that you have been watching and what are your
thoughts about it?
thanks!
lubomir