Open PushkarJ opened 3 years ago
@PushkarJ: The label(s) area/config, area/testing, area/release-eng, area/release-eng/security
cannot be applied, because the repository doesn't have them.
cc @kubernetes/sig-security-leads / @tabbysable / @IanColdwater , @dims , @navidshaikh , @puerco , @justaugustus
/assign @PushkarJ
In addition to the SBOM item, you can find the images we produce in the SBOM to close this one:
Identify a list of container images managed by github.com/kubernetes/release
I can help with that!
/cc
I'd love to help with. Evaluate go vuln-db tool as an additional scanning tool
and any of the Container Images
- tasks.
I remember use talking about automation for updating k8s with latest debian-[base, iptables] images. Are we tracking that in this? I'd love to help with that.
/transfer sig-security
@PushkarJ: The label(s) area/config, area/testing, area/code-organization, area/release-eng, area/release-eng/security
cannot be applied, because the repository doesn't have them.
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.
This bot triages issues and PRs according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/remove-lifecycle stale
/lifecycle rotten
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
/remove-lifecycle stale
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.
This bot triages issues and PRs according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/remove-lifecycle stale
/lifecycle rotten
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
/remove-lifecycle stale
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.
This bot triages issues and PRs according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/remove-lifecycle stale
/lifecycle rotten
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
/remove-lifecycle stale
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.
This bot triages issues and PRs according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/remove-lifecycle stale
/lifecycle rotten
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.
This bot triages issues and PRs according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/remove-lifecycle rotten
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle rotten
/remove-lifecycle rotten
The Kubernetes project currently lacks enough contributors to adequately respond to all issues.
This bot triages un-triaged issues according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/remove-lifecycle stale
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
/remove-lifecycle stale
The Kubernetes project currently lacks enough contributors to adequately respond to all issues.
This bot triages un-triaged issues according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/remove-lifecycle stale
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
/remove-lifecycle stale
The Kubernetes project currently lacks enough contributors to adequately respond to all issues.
This bot triages un-triaged issues according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/remove-lifecycle stale
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.
This bot triages un-triaged issues according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/remove-lifecycle rotten
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle rotten
/remove-lifecycle rotten
The Kubernetes project currently lacks enough contributors to adequately respond to all issues.
This bot triages un-triaged issues according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/remove-lifecycle stale
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
/remove-lifecycle stale
Goal: Implement automated scanning capabilities that are tool agnostic for identifying vulnerabilities in Kubernetes related artifacts, followed by a documented private triage process to resolve the identified vulnerability, with a programmable way for Kubernetes users to consume this vulnerability information.
Background
Over the years, multiple different community members in Security Response Committee (formerly PSC), SIG Release, Architecture, Security, Auth have contributed to several standalone efforts related to vulnerability management for https://github.com/kubernetes/kubernetes. We have made tremendous progress but there are still some opportunities to improve :-)
Scope
This issue is created to act as a single place to find current state of the work, in progress and planned work that fall in the overall theme of vulnerability management of Kubernetes artifacts. In scope artifacts include but are not limited to build time dependencies and container images. Adding any missing issues or related work as a comment is encouraged :-)
Artifact Vulnerability Scanning
Build time Dependencies
Container Images
Ongoing Maintenance
Triage Policy Definition and Implementation
Related Issues and PRs
/sig security release architecture auth /area config testing code-organization dependency release-eng release-eng/security /committee product-security /kind feature