Linux Foundation security scanning results for K8s

42 views
Skip to first unread message

Lubomir I. Ivanov

unread,
Dec 3, 2020, 11:38:19 AM12/3/20
to kubernetes-...@googlegroups.com, Davanum Srinivas
hello, SIG Security.

this is Lubomir from SIG Cluster Lifecycle.

the Linux Foundation recently started doing security scanning of
projects including Kubernetes and they have shared the results for
that here:
https://security.lfx.linuxfoundation.org/#/
the tooling seems new and may be producing a lot of false positives.

i was told that obtaining access to these results for Kubernetes is
not possible for arbitrary contributors and is gated by the k8s
Product Security Committee. i tried contacting the PSC about this (on
Monday) to get their position on this topic, but i'm yet to receive a
reply.

is this something that you have been watching and what are your
thoughts about it?

thanks!
lubomir
--

Stephen Augustus

unread,
Dec 3, 2020, 11:49:19 AM12/3/20
to Lubomir I. Ivanov, kubernetes-se...@googlegroups.com, kubernetes-...@googlegroups.com, Davanum Srinivas, release-...@kubernetes.io
+security-discuss

--
You received this message because you are subscribed to the Google Groups "kubernetes-sig-security" group.
To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-sig-se...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/kubernetes-sig-security/CAGDbWi90mnEfNmEtwjuHTxK4jDkeyTVgSqDUchWzpiAWUSkJaA%40mail.gmail.com.
Reply all
Reply to author
Forward
0 new messages