Flux just went through its second CNCF-funded Security Audit. Here we publicly release and discuss the report.
We’ll talk about one of the newest features in Flux v0.36, which enables you to prove the authenticity of the Helm charts we manage through HelmChart resources with the help of the cosign integration.
We’ll talk about the integration of cosign, a tool for signing and verifying container images, blobs and other artifacts, which we use to prove the authenticity of the OCI Artifacts we manage through OCIRepository resources.
The Flux team has found three security vulnerabilities in Flux. Today we will go through them and talk about what this may mean for you. We strongly advise you to upgrade your clusters as soon as you can. 🔒
Pod Security Standards are a recent addition to Kubernetes, coming to replace Pod Security Policies. Alongside seccomp, they provide greater isolation levels for workloads. Read up on how we moved all Flux controllers to ‘restricted’ mode and how that’s going to keep you safer.
ADA Logics helped us move to fuzzing as part of their security audit. We have now implemented this for all Flux controllers. Learn here how this keeps you safer.
Next up in our series of blog posts about Flux’s security considerations. This time: image provenance - how to make it part of your workflow and how it keeps you safe.
The first in our series of blog posts about Flux’s security considerations. This time: what a Software Bill of Materials can do to keep you safe.
Flux just went through a CNCF-funded Security Audit. Here we publicly release and discuss the report. We also disclose our first CVE, which was fixed in Flux v0.18.0 - please upgrade as soon as you can!