cncf / tag-security

🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!
https://tag-security.cncf.io

[Presentation] Kyverno Status Overview #1341

Open realshuting opened 3 months ago

realshuting commented 3 months ago

Title: Kyverno Status Overview

Speakers: @realshuting, @JimBugwadia

Description: Give an update about Kyverno since its incubation two years ago, talk about the latest architecture and use cases. Related to Kyverno's Graduation Application, previous self-assessment.

Time: How long will the presentation take? (10 minutes)

Availability: August 21st 10 AM PT, August 28th 10 AM PT

TO DO

matthewflannery commented 2 months ago

Following...

eddie-knight commented 2 months ago

Hi @realshuting! It seems this slipped through the cracks, I apologize for the delay in responding!

Would you like to present on September 11 at 10PT?

realshuting commented 2 months ago

> Hi @realshuting! It seems this slipped through the cracks, I apologize for the delay in responding!
>
> Would you like to present on September 11 at 10PT?

Sounds great, I look forward to the presentation!

mnm678 commented 1 month ago

Template for TAG recommendation to TOC

Project Overview

Ecosystem Adoption

What ecosystem adoption has the project seen?

Great ecosystem adoption:

Past TOC Reviews

How has the project addressed comments from previous reviews (incubation if graduation, sandbox if incubating, etc)?

The project has clarified how it differentiates from other security projects in the space, has developed and maintained a roadmap, and has clarified their governance.

Security Reviews

TAG Security Assessments

Has the project completed a TAG Security Self-Assessment and/or Joint Assessment? If yes, please add a link and discuss how this has impacted their security posture.

Yes, Kyverno has a self-assessment through Security Pals.

Security Audit

Has the project completed an external security audit? If yes, how have they addressed the findings?

Kyverno has had a third party audit and fuzzing found a few issues which were addressed: https://main.kyverno.io/blog/2023/11/28/kyverno-completes-third-party-security-

Best Practices

Metrics

Which security best practices does the project follow (for example CNCF best practices badge, OpenSSF Best Practices, CLO monitor), and how does it rate by these metrics?

Kyverno has strong compliance with several best practices:

Sub-project Considerations

If the project has sub-projects, how does their security posture compare to the base project?

N/A

TAG Recommendation to the TOC

Kyverno has seen strong adoption and attention to security best practices. They have created a detailed threat model for the project and achieved an impressive SLSA 3 compliance. Based on this, we recommend the project for graduation.

Without blocking graduation, we recommend the project pursues a TAG Security joint assessment.