• Community
  • Governance
  • Blog
  • Community
    • Assessments
      • Guide
        • Joint Assessment
        • Joint Readme Template
        • Project Lead
        • Review Survey
        • Security Reviewer
        • Self Assessment
      • Intake Process
      • Projects
        • Antrea
          • Self Assessment
        • Buildpacks
          • Self Assessment
        • Cert Manager
          • Self Assessment
        • Cloudevents
          • Images
          • Self Assessment
        • Cni
          • Docs
            • Lightweight Threat Assessment
          • Self Assessment
        • Confidential Containers
          • Self Assessment
        • Containerd
          • Self Assessment
        • Contour
          • Self Assessment
        • Coredns
          • Self Assessment
        • Cortex
          • Self Assessment
          • Threat Model
        • Cubefs
          • Self Assessment
        • Custodian
          • Joint Review
        • Dragonfly
          • Images
          • Joint Assessment
          • Self Assessment
        • Emissary Ingress
          • Self Assessment
        • External Secrets
          • Assets
          • Docs
            • Stride Threat Model
          • Self Assessment
        • Flatcar
          • Joint Assessment
          • Self Assessment
        • Fluentd
          • Fluent Bit
          • Fluentd
            • Self Assessment
          • Plugins
        • Flux
          • Self Assessment
        • Harbor
          • Docs
          • Self Assessment
        • In Toto
          • Self Assessment
        • Jaeger
          • Self Assessment
        • Karmada
          • Docs
          • Self Assessment
          • Threatmodeling
        • Keycloak
          • Docs
          • Self Assessment
        • Knative
          • Recommendations
          • Self Assessment
        • Kubescape
          • Self Assessment
        • Kyverno
          • Images
          • Self Assessment
        • Lima
          • Self Assessment
        • Linkerd
          • Self Assessment
        • Longhorn
          • Self Assessment
          • Threat Model
        • Microcks
          • Images
          • Self Assessment
        • Nats
          • Doc
            • Threat Modeling
          • Images
          • Self Assessment
        • Opa
          • Docs
          • Self Assessment
        • Open Telemetry
          • Self Assessment
        • Openebs
          • Self Assessment
        • Openfga
          • Joint Assessment
          • Self Assessment
        • Openkruise
          • Self Assessment
          • Threat Model
        • Openmetrics
          • Self Assessment
        • Openyurt
          • Self Assessment
        • Operator Framework
          • Self Assessment
        • Pixie
          • Self Assessment
        • Rook
          • Self Assessment
        • Spiffe Spire
          • Docs
          • Self Assessment
        • Thanos
          • Res
          • Self Assessment
        • Tikv
          • Self Assessment
          • Src
            • Imgs
          • Tikv Threat Model
        • Volcano
          • Recommendations
          • Self Assessment
          • Threat Analysis
        • Wasmcloud
          • Self Assessment
        • Wasmedge
          • Self Assessment
    • Assets
      • Tag Emeritus Leaders
    • Catalog
      • Compromises
        • 1975
          • Login Bell
        • 2003
          • Debian
          • Gentoo Rsync
          • Kernel Repository
        • 2007
          • Squirrelmail
          • Wordpress
        • 2008
          • Fedora
        • 2010
          • Apache
          • Aurora
          • Fsf Website
          • Proftpd
        • 2011
          • Kernelorg
        • 2012
          • Ruby On Rails Github
        • 2013
          • Apt
        • 2014
          • Code Spaces
          • Monju
        • 2015
          • Ceph And Inktank
          • Juniper
          • Xcodeghost
        • 2016
          • Fosshub
          • Gh Unicode
          • Keydnap
          • Mint
        • 2017
          • Bitcoingold
          • Ccleaner
          • Elmedia
          • Expensivewall
          • Hacktask
          • Handbrake
          • Kingslayer
          • Notpetya
        • 2018
          • Aur
          • Colourama
          • Dofoil
          • Event_stream
          • Gentoo
          • Gogetu
          • Operation Red
          • Unnamed Maker
        • 2019
          • Canonical Github
          • Electron Native Notify
          • Monero
          • Pear
          • Purescript Npm
          • Pypi
          • Ros
          • Shadowhammer
          • Webmin Backdoor
        • 2020
          • Nodejs
          • Octopus_scanner
          • Solarwinds
          • Sonarqube
          • Thegreatsuspender
          • Trojanized Fdm
        • 2021
          • Coa Rc
          • Codecov
          • Homebrew
          • Klow Klown Okhsa
          • Log4j
          • Php
          • Repojacking
          • Travis Ci
          • Ua Parser Js
          • Vscode
        • 2022
          • Auth0 Source Code Leak
          • Comm100 Live Chat Trojan
          • Ctx And Phpass
          • Docker Hub Malicious Containers
          • Dropbox Github Account Breach
          • Fantasy
          • Golang Buildpacks Compiler
          • Intel Alder Lake BIOS Leak
          • Js Faker Colors
          • Node Ipc Peacenotwar
          • Okta Github Repo Leak
          • Php Pear Compromise
          • Pypi Malicious Packages
          • Ruby Override
          • Wp Apthemes
        • 2023
          • Fake Dependabot
          • Mathjs Min
          • Packagist Maintainer Takeover
          • Retool Portal Mfa
          • Xmlsec Manageengine
        • 2024
          • Gitgot
          • Laixi 3proxy
          • Polyfill
          • Solana_web3js
          • Targeted Signed Endoor
          • Xz
        • Compromise Definitions
    • Events
      • Cloud Native Security
    • Publications
      • Audio Versions
      • Authoring Guidelines
      • Paper Process
      • Publishing Protocols
      • Supply Chain Security Tools
        • Securing Artifacts
        • Securing Build Pipelines
        • Securing Deployments
        • Securing Materials
        • Securing Source Code
    • Resources
      • Automated Governance Maturity Model
      • Design
        • Colors
        • Logo
      • Landscape
        • Approach
        • Categories
      • Project Resources
        • Security Hygiene Guide
        • Templates
          • Embargo
          • Embargo Policy
          • Incident Response
          • ISSUE_TEMPLATE
          • SECURITY
          • SECURITY_CONTACTS
      • Provenance Implementation
        • Argo
          • Argo Cd
      • Security Fuzzing Handbook
        • Fuzzing Handbook
        • Imgs
      • Security Lexicon
        • Cloud Native Security Lexicon
      • Security Whitepaper
        • Cnsmap
        • Secure Defaults Cloud Native 8
        • V1
          • Cloud Native Security Whitepaper
          • Cloud Native Security Whitepaper Brazilian Portugese
          • Cloud Native Security Whitepaper Simplified Chinese
          • Cloud Native Security Whitepaper Spanish
          • Cnswp Images
          • Secure Software Factory
        • V2
          • Cloud Native Security Whitepaper
          • Cloud Native Security Whitepaper It
          • Cloud Native Security Whitepaper Ja
          • Cloud Native Security Whitepaper Simplified Chinese
          • Cnswp Images
      • Usecase Personas
        • References
          • Admin Bill Of Rights
    • Working Groups
      • Archive
        • Controls
          • Phase One Announcement
        • Policy
          • Overview Policy Build Time Dependency Vulns
          • Overview Policy Formal Verification
      • Automated Governance
      • Commons
      • Compliance
        • Content
          • Readme
      • Research
      • Supply Chain Security
        • Secure Software Factory
          • Images
          • Secure Software Factory
        • Supply Chain Security Paper
          • Secure Supply Chain Assessment
          • Sscsp
          • Sscsp Images
        • Supply Chain Security Paper V2
          • SSCBPv2
Edit this page Create issue
Cloud Native Computing Foundation logo
All CNCF Sites
© 2025 The CNCF Authors | Documentation Distributed under CC BY 4.0