thanos-io / thanos

Highly available Prometheus setup with long term storage capabilities. A CNCF Incubating project.
https://thanos.io
Apache License 2.0

Is Thanos FIPS compliant? #7162

Open thesanketnavale opened 7 months ago

thesanketnavale commented 7 months ago

Our organization wants to make sure it uses all FIPS compliant tools.

To be FIPS compliant, an organization must adhere to the various data security and computer system standards outlined in the Federal Information Processing Standards (FIPS).

Want inputs on whether Thanos is FIPS compliant.

GiedriusS commented 7 months ago

See previous issue here https://github.com/thanos-io/thanos/issues/3997. Maybe you know what is missing?

douglascamata commented 6 months ago

Thanos is not FIPS compliant because the Go compiler doesn't ship with FIPS compliant crypto functions by default.

@thesanketnavale your organization can adopt a modified, FIPS compliant, Go compiler and build it on your own. You can also use GOEXPERIMENT=boringcrypto with the standard compiler.

There's more information regarding FIPS and Go on https://medium.com/cyberark-engineering/navigating-fips-compliance-for-go-applications-libraries-integration-and-security-42ac87eec40b.
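
An added example, not part of the thread and not Thanos code: setting GOEXPERIMENT=boringcrypto only takes effect when the build also uses cgo and targets linux/amd64 or linux/arm64; otherwise the binary is built with Go's standard crypto and no error is raised. The sketch below audits the build settings printed by `go version -m <binary>` for those blockers. The sample output is constructed, the function names are hypothetical, and it assumes the toolchain records GOEXPERIMENT in the build settings.

```go
// Added example (not Thanos code): audit `go version -m <binary>` output
// for the build settings that GOEXPERIMENT=boringcrypto depends on.
// Assumption: the toolchain records GOEXPERIMENT in the build settings.
package main

import (
	"fmt"
	"strings"
)

// Constructed sample; replace with real `go version -m ./your-binary` output.
const sample = "example-binary: go1.22.0\n" +
	"\tbuild\tCGO_ENABLED=0\n" +
	"\tbuild\tGOARCH=amd64\n" +
	"\tbuild\tGOEXPERIMENT=boringcrypto\n" +
	"\tbuild\tGOOS=linux\n"

// parseSettings collects KEY=VALUE pairs from the "build" lines.
func parseSettings(out string) map[string]string {
	s := map[string]string{}
	for _, line := range strings.Split(out, "\n") {
		f := strings.Fields(line)
		if len(f) < 2 || f[0] != "build" {
			continue
		}
		if k, v, ok := strings.Cut(f[1], "="); ok {
			s[k] = v
		}
	}
	return s
}

// boringProblems lists reasons the binary cannot be using BoringCrypto.
// An empty result means none of these build-time blockers was found.
func boringProblems(s map[string]string) []string {
	var p []string
	if !strings.Contains(","+s["GOEXPERIMENT"]+",", ",boringcrypto,") {
		p = append(p, "GOEXPERIMENT does not include boringcrypto")
	}
	if s["CGO_ENABLED"] != "1" {
		p = append(p, "CGO_ENABLED is not 1: BoringCrypto needs cgo")
	}
	if s["GOOS"] != "linux" || (s["GOARCH"] != "amd64" && s["GOARCH"] != "arm64") {
		p = append(p, "target is not linux/amd64 or linux/arm64")
	}
	return p
}

func main() {
	for _, p := range boringProblems(parseSettings(sample)) {
		fmt.Println("FAIL:", p)
	}
}
```

An empty result only shows how the binary was built; it is not evidence that the deployment is FIPS compliant.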