
KubeArmor Security Self Assessment #1430

Open · wants to merge 1 commit into base: main

Conversation

@daemon1024 commented Dec 17, 2024

The initial self-assessment for KubeArmor as recommended in (#1372).
We are gearing up towards incubation cncf/toc#1326

Authors: @daemon1024

netlify bot commented Dec 17, 2024

Deploy Preview for tag-security ready!

- Latest commit: 4398e8b
- Latest deploy log: https://app.netlify.com/sites/tag-security/deploys/677e5e0572149b0008a00b9e
- Deploy Preview: https://deploy-preview-1430--tag-security.netlify.app

@nyrahul left a comment

Thanks. Please find my comments.

@nyrahul commented Jan 7, 2025

@daemon1024, can you please handle the check failures? Thanks

@daemon1024 force-pushed the kubearmor-security-self-assessment branch 2 times, most recently from 65fc70d to 67f85ac on January 8, 2025 11:10

Signed-off-by: daemon1024 <barun1024@gmail.com>

@daemon1024 force-pushed the kubearmor-security-self-assessment branch from 67f85ac to 4398e8b on January 8, 2025 11:14
@daemon1024 (Author) commented

All handled @nyrahul, thanks for the review.

@brandtkeller (Collaborator) left a comment

I believe this meets the criteria required for acceptance. Content is well presented and provides clarity to the security of the project and steps taken.

I do see early mentions of compliance capabilities (and video links with compliance topics) - while noting:

KubeArmor does not document meeting particular compliance standards.

I have no issue with this stance - but there may be some compliance objectives that KubeArmor helps satisfy that may be a great addition in the future.


### Goals

The goal of the KubeArmor project is to help enforce mandatory access controls and provide observability on processes running inside containers or on host, be it Kubernetes or non orchestrated nodes and containers.
Collaborator:

It would be better to be more precise about these. Please break them into smaller sub-points as is needed.


### Non-goals

KubeArmor is not a general purpose policy engine or a CNI.
Collaborator:

Likewise here. It's worth explaining in more detail what issues you assume other systems are solving for you.

@JustinCappos (Collaborator) left a comment

I think the goals and non-goals could use some work before merging. Something like 3-5 points for each. Otherwise, my feeling is that it's a little light but passable. If they do a joint assessment, more work will be needed to flesh out the design and other aspects.

@daemon1024 (Author) commented

Thank you for the reviews.

@brandtkeller KubeArmor can help enforce compliance, but the project is not compliant with something like SLSA 3 compliance (#1164); we do have an action item for it.

My understanding was that it is about whether the project itself is fully compliant with a certain compliance framework. Please correct me if I am wrong.

@JustinCappos I will update the goals and non-goals with more details.
We are up for a joint assessment and happy to provide any deeper details for any part of the architecture.
