hello, SIG Security.
this is Lubomir from SIG Cluster Lifecycle.
the Linux Foundation recently started doing security scanning of
projects including Kubernetes and they have shared the results for
the tooling seems new and may be producing a lot of false positives.
i was told that obtaining access to these results for Kubernetes is
not possible for arbitrary contributors and is gated by the k8s
Product Security Committee. i tried contacting the PSC about this (on
Monday) to get their position on this topic, but i'm yet to receive a
is this something that you have been watching and what are your
thoughts about it?