Etcetera 37 Ping us! 38 web: https://www.goharbor.io gh: https://github.com/goharbor slack: slack.cncf.io (#habor and #harbor-dev) 39 Thank you!

Commons 4.0 (CC BY 4.0) CNCF security and fuzzing audits This report details a fuzzing audit commissioned by the CNCF and the engagement is part of the broader efforts carried out by CNCF in securing the so�ware so�ware in the CNCF landscape. Demonstrating and ensuring the security of these so�ware packages is vital for the CNCF ecosystem and the CNCF continues to use state of the art techniques to secure its projects projects as well as carrying out manual audits. Over the last handful of years, CNCF has been investing in security audits, fuzzing and so�ware supply chain security that has helped proactively discover

audit. In this report, we present the work and results from the audit. The audit was funded by the CNCF who hosts Vitess as a graduated project. Results summarised 12 security issues found 2 CVEs assigned fuzzers by cloning the upstream Vitess Github repository to get the latest Vitess source code and the CNCF-Fuzzing Github repository to get the latest set of fuzzers, and then builds the fuzzers against the verify that a given issue has been fixed. Vitess's fuzzers reside in CNCF's dedicated fuzzing repository, https://github.com/cncf/cncf-fuzzing, in which the community maintains them. In addition, community

Components Contrib (ADA-DAPR-23-7). We added all fuzzers to Daprs integration at https://github.com/cncf/cncf-fuzzing/tree/main/projects/dapr. When OSS-Fuzz builds Daprs fuzzers, it pulls them from there and well-cra�ed requests to the ratelimit middleware component can cause harm. URL: https://github.com/cncf/cncf-fuzzing/blob/7ed5200c931ff9277d0cd7f587d8792295cd597d /projects/dapr/fuzz_components_contrib_ratelimiter_test authorization header of incoming requests. 15 Dapr security audit 2023 URL: https://github.com/cncf/cncf-fuzzing/blob/d9711dcf18a17cb8671b0b80023eabf2b557a9f5 /projects/dapr/fuzz_components_contrib_azure_eventgrid_test

public cloud provider’s distributions, including EKS, AKS and GKE as well as RKE, RKE2 and K3s or any CNCF-conformant Kubernetes distribution. All the SUSE Rancher features are available for any managed Kubernetes operators achieve better business continuity across their platforms and applications. These include the CNCF Incubation project Longhorn, which enables powerful, highly available persistent block storage to was accepted as a CNCF Sandbox project. Fleet enables SUSE Rancher to support up to one million clusters from a single console with built-in security capabilities, running any CNCF-certified Kubernetes

2022 CNCF Graduation Ambient Mesh A new dataplane mode for Istio without sidecars. Graduated Announcing Istio's graduation within the CNCF Join CNCF Istio has applied to become a CNCF project Reflecting on the Value of Community Housekeeping • View the full IstioCon-VIRTUAL schedule • Abide by CNCF Code of Conduct • Use the official #IstioCon in your social conversations • Join #istiocon slack

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 Vitess becomes a CNCF project . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162 CNCF Webinar 2020 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162 6 CNCF Meetup Paris 2019 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

under the Application Delivery special interest group (SIG) in the Cloud Native Computing Foundation (CNCF) [1.8]. By the end of 2020, the GitOps Working Group was bootstrapped and became an official working certification through standardized documents and code. OpenGitOps is currently a sandbox project within the CNCF. In October 2021, the GitOps Working Group released the OpenGitOps Principles [1.10], a set of principles https://www.weave.works [1.7] https://www.weave.works/blog/the-history-of-gitops [1.8] https://www.cncf.io [1.9] https://opengitops.dev [1.10] https://github.com/open-gitops/documents/releases/tag/v1

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 Vitess becomes a CNCF project . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199 CNCF Webinar 2020 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2019 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199 CNCF Meetup Paris 2019 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .