KubeArmor Security Self Assessment #1430
Conversation
✅ Deploy Preview for tag-security ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
|
@daemon1024 , can you please handle the checks failures? Thanks |
daemon1024
force-pushed
the
kubearmor-security-self-assessment
branch
2 times, most recently
from
65fc70d to
67f85ac
Compare
Signed-off-by: daemon1024 <[email protected]>
daemon1024
force-pushed
the
kubearmor-security-self-assessment
branch
from
67f85ac to
4398e8b
Compare
|
All handled @nyrahul, Thanks for the review. |
There was a problem hiding this comment.
I believe this meets the criteria required for acceptance. Content is well presented and provides clarity to the security of the project and steps taken.
I do see early mentions of compliance capabilities (and video links with compliance topics) - while noting:
KubeArmor does not document meeting particular compliance standards.
I have no issue with this stance - but there may be some compliance objectives that KubeArmor helps satisfy that may be a great addition in the future.
|
|
||
| ### Goals | ||
|
|
||
| The goal of the KubeArmor project is to help enforce mandatory access controls and provide observability on processes running inside containers or on host, be it Kubernetes or non orchestrated nodes and containers. |
There was a problem hiding this comment.
It would be better to be more precise about these. Please break them into smaller sub-points as is needed.
|
|
||
| ### Non-goals | ||
|
|
||
| KubeArmor is not a general purpose policy engine or a CNI. |
There was a problem hiding this comment.
Likewise here. It's worth explaining in more detail what issues you assume other systems are solving for you.
There was a problem hiding this comment.
I think the goals and non-goals could use some work before merging. Something like 3-5 points for each. Otherwise, my feeling is that it's a little light but passable. If they do a joint assessment, more work will be needed to flesh out the design and other aspects.
|
Thank you for the reviews @brandtkeller KubeArmor can help enforce compliance, but the project is not compliant to something like SLSA 3 compliance #1164 we do have an action item for it My understanding was if the project itself is fully compliant to a certain complaince framework. Please correct me if I am wrong. @JustinCappos I will update the goals and non goals with more details. |
|
@daemon1024 do you want to revisit this PR, or should we close it out? |
|
This issue has been automatically marked as inactive because it has not had recent activity. |
5 participants
The initial self-assessment for KubeArmor as recommended in (#1372).
We are gearing up towards incubation cncf/toc#1326
Authors:. @daemon1024