Link Status File On Github Link Text & Destination
404 kubernetes-admission-control-threat-model.md [Admission controller attack tree]
404 kubernetes-policy-management.md [alt_text]
404 kubernetes-policy-management.md [alt_text]
404 kubernetes-policy-management.md [alt_text]
404 kubernetes-policy-management.md [alt_text]
404 kubernetes-policy-management.md [Cloud Native Security Whitepaper]
404 kubernetes-policy-management.md [alt_text]
404 README.md [2021]
404 RFP.md [bug bounty program]
404 RFP.md [bug bounty program]
404 RFP.md [Kubernetes Security Review]
404 RFP.md [Whitepaper]
404 RFP.md [Threat Model]
404 README.md [Security Response Committee]
200 CONTRIBUTING.md [community]
200 CONTRIBUTING.md [code of conduct]
200 CONTRIBUTING.md [Contributor License Agreement]
200 CONTRIBUTING.md [Kubernetes Contributor Guide]
200 CONTRIBUTING.md [contributing section]
200 CONTRIBUTING.md [Contributor Cheat Sheet]
200 CONTRIBUTING.md [Mentoring Initiatives]
200 CONTRIBUTING.md [Slack channel]
N/A CONTRIBUTING.md [Mailing list]
200 README.md [owners]
200 README.md [Creative Commons 4.0]
200 README.md [Embargo Policy]
200 README.md [community page]
200 README.md [Slack]
200 README.md [Mailing List]
200 README.md [Kubernetes Code of Conduct]
N/A RELEASE.md [OWNERS]
200 SECURITY.md [kubernetes-security-announce]
ERR SECURITY.md [kubernetes-security-announce-rss]
200 SECURITY.md [Kubernetes version and version skew support policy]
200 SECURITY.md [Kubernetes Security and Disclosure Information]
200 code-of-conduct.md [Kubernetes Community Code of Conduct]
200 self-assessment.md [Cluster API Security Self-assessment Playlist]
200 self-assessment.md [Ankita Swamy]
200 self-assessment.md [Naadir Jeewa]
200 self-assessment.md [Pushkar Joglekar]
200 self-assessment.md [Robert Ficcaglia]
200 self-assessment.md [Fabrizio Pandini]
200 self-assessment.md [Lubomir I. Ivanov]
200 self-assessment.md [Stefan Büringer]
N/A self-assessment.md [Cluster API]
N/A self-assessment.md [Kubernetes]
N/A self-assessment.md [Kubernetes SIG Security]
N/A self-assessment.md [security reviews]
N/A self-assessment.md [#sig-security-assess-capi]
N/A self-assessment.md [#cluster-api]
N/A self-assessment.md [#cluster-api-aws]
N/A self-assessment.md [#cluster-api-azure]
N/A self-assessment.md [#cluster-api-openstack]
N/A self-assessment.md [#cluster-api-baremetal]
N/A self-assessment.md [#cluster-api-vsphere]
N/A self-assessment.md [kubernetes-sig-cluster-lifecycle@googlegroups.com]
N/A self-assessment.md [kubernetes-sig-security@googlegroups.com]
200 self-assessment.md [Schematic of relation between management cluster and workload cluster]
N/A self-assessment.md [Types of Clusters]
200 self-assessment.md [mermaid-svg-data-flow-diagram-cluster-api]
200 self-assessment.md [excalidraw-png-data-flow-diagram-cluster-api]
200 self-assessment.md [https://github.com/kubernetes-sigs/cluster-api/network/dependencies]
200 self-assessment.md [https://github.com/kubernetes-sigs/cluster-api-provider-aws/network/dependencies]
200 self-assessment.md [https://github.com/kubernetes-sigs/cluster-api-provider-azure/network/dependencies]
200 self-assessment.md [https://github.com/kubernetes-sigs/cluster-api-provider-vsphere/network/dependencies]
200 self-assessment.md [Kubernetes Controller Runtime]
200 self-assessment.md [govmomi]
200 self-assessment.md [kind]
200 self-assessment.md [CONTRIBUTING.md]
IGNORED self-assessment.md [planned]
200 self-assessment.md [Core Infrastructure Initiative (CII) badging process]
IGNORED self-assessment.md [Planned]
IGNORED self-assessment.md [Implemented]
N/A self-assessment.md [End user guidance to be written]
N/A self-assessment.md [End user guidance to be written]
N/A self-assessment.md [AWS Shared Responsibility model]
IGNORED self-assessment.md [Planned]
IGNORED self-assessment.md [Planned]
IGNORED self-assessment.md [Issue filed]
N/A self-assessment.md [End user guidance to be written]
IGNORED self-assessment.md [planned]
N/A self-assessment.md [End user guidance to be written]
N/A self-assessment.md [End user guidance to be written]
N/A self-assessment.md [End user guidance to be written]
IGNORED self-assessment.md [planned]
N/A self-assessment.md [End user guidance to be written]
IGNORED self-assessment.md [To be implemented]
N/A self-assessment.md [End user guidance to be written]
N/A self-assessment.md [End user guidance to be written]
IGNORED self-assessment.md [implemented]
IGNORED self-assessment.md [planned]
IGNORED self-assessment.md [planned]
N/A self-assessment.md [End user guidance to be written]
N/A self-assessment.md [End user guidance to be written]
IGNORED self-assessment.md [implemented]
N/A self-assessment.md [Cloud Provider guidance to be written]
N/A self-assessment.md [End user guidance to be written]
IGNORED self-assessment.md [implemented]
IGNORED self-assessment.md [planned]
IGNORED self-assessment.md [planned]
N/A self-assessment.md [End user guidance to be written]
IGNORED self-assessment.md [planned]
N/A self-assessment.md [End user guidance to be written]
IGNORED self-assessment.md [planned]
N/A self-assessment.md [End user guidance to be written]
N/A self-assessment.md [Cloud Provider guidance to be written]
N/A self-assessment.md [End user guidance to be written]
N/A self-assessment.md [End user guidance to be written]
N/A self-assessment.md [End user guidance to be written]
IGNORED self-assessment.md [implemented]
N/A self-assessment.md [End user guidance to be written]
N/A self-assessment.md [End user guidance to be written]
N/A self-assessment.md [End user guidance to be written]
N/A self-assessment.md [End user guidance to be written]
IGNORED self-assessment.md [implemented]
N/A self-assessment.md [End user guidance to be written]
N/A self-assessment.md [End user guidance to be written]
N/A self-assessment.md [Cloud Provider guidance to be written]
200 self-assessment.md [Introduction to Cluster API]
200 self-assessment.md [Introduction to Image Builder]
200 self-assessment.md [Introduction to Kubebuilder]
200 self-assessment.md [Cluster API Deep Dive - Naadir Jeewa, VMware & Cecile Robert-Michon, Microsoft]
200 self-assessment.md [AWS4-HMAC-SHA256]
200 self-assessment.md [AWS Shared Responsibility model]
200 self-assessment.md [Cluster API]
200 self-assessment.md [Kubernetes Cluster API]
IGNORED self-assessment.md [Kubernetes Security Review]
200 self-assessment.md [TAG Security Reviews]
200 self-assessment.md [Kubernetes SIG Security]
200 self-assessment.md [#sig-security-assess-capi]
200 self-assessment.md [#cluster-api]
200 self-assessment.md [#cluster-api-aws]
200 self-assessment.md [#cluster-api-vsphere]
200 self-assessment.md [#cluster-api-openstack]
200 self-assessment.md [#cluster-api-baremetal]
IGNORED self-assessment.md [kubernetes-sig-cluster-lifecycle@googlegroups.com]
IGNORED self-assessment.md [kubernetes-sig-security@googlegroups.com]
IGNORED self-assessment.md [cluster-api-end-user-guide]
IGNORED self-assessment.md [cluster-api-cloud-provider-guide]
N/A kubernetes-admission-control-threat-model.md [Mitigation ID 2 - Webhook fails closed]
N/A kubernetes-admission-control-threat-model.md [Mitigation ID 2 - Webhook fails closed]
N/A kubernetes-admission-control-threat-model.md [Mitigation ID 3 - Webhook authenticates callers]
N/A kubernetes-admission-control-threat-model.md [Mitigation ID 8 - Regular reviews of webhook configuration catch issues]
N/A kubernetes-admission-control-threat-model.md [Mitigation ID 1 - RBAC rights are strictly controlled]
N/A kubernetes-admission-control-threat-model.md [Threat ID 2]
N/A kubernetes-admission-control-threat-model.md [Mitigation ID 2 - Webhook fails closed]
N/A kubernetes-admission-control-threat-model.md [Mitigation ID 4 - Webhook uses TLS encryption for all traffic]
N/A kubernetes-admission-control-threat-model.md [Mitigation ID 5 - Webhook mutual TLS authentication is used]
N/A kubernetes-admission-control-threat-model.md [Mitigation ID 5 - Webhook mutual TLS authentication is used]
N/A kubernetes-admission-control-threat-model.md [Mitigation ID 6 - All rules are reviewed and tested]
N/A kubernetes-admission-control-threat-model.md [Mitigation ID 1 - RBAC rights are strictly controlled]
N/A kubernetes-admission-control-threat-model.md [Mitigation ID 6 - All rules are reviewed and tested]
N/A kubernetes-admission-control-threat-model.md [Mitigation ID 6 - All rules are reviewed and tested]
N/A kubernetes-admission-control-threat-model.md [Mitigation ID 6 - All rules are reviewed and tested]
N/A kubernetes-admission-control-threat-model.md [Mitigation ID 7 - Admission controller uses restrictive policies to prevent privileged workloads]
N/A kubernetes-admission-control-threat-model.md [Mitigation ID 7 - Admission controller uses restrictive policies to prevent privileged workloads]
N/A kubernetes-admission-control-threat-model.md [Mitigation ID 9 - Strictly control external system access]
IGNORED kubernetes-admission-control-threat-model.md [CVE-2020-8554]
N/A kubernetes-admission-control-threat-model.md [Threat ID 4 - Attacker has rights to delete or modify the k8s webhook object]
N/A kubernetes-admission-control-threat-model.md [Threat ID 11 - Attacker deploys workloads to namespaces that are exempt from admission control]
N/A kubernetes-admission-control-threat-model.md [Threat ID 1 - Attacker floods webhook with traffic preventing its operations]
N/A kubernetes-admission-control-threat-model.md [Threat ID 5 - Attacker gets access to valid credentials for the webhook]
N/A kubernetes-admission-control-threat-model.md [Threat ID 2 - Attacker passes workloads which require complex processing causing timeouts]
N/A kubernetes-admission-control-threat-model.md [Threat ID 7 - Attacker sniffs traffic on the container network]
N/A kubernetes-admission-control-threat-model.md [Threat ID 8 - Attacker carries out a MITM attack on the webhook]
200 kubernetes-admission-control-threat-model.md [abuse cases]
N/A kubernetes-admission-control-threat-model.md [Threat ID 9 - Attacker steals traffic from the webhook via spoofing]
N/A kubernetes-admission-control-threat-model.md [Threat ID 12 - Block rule can be bypassed due to missing match (e.g. missing initcontainers)]
N/A kubernetes-admission-control-threat-model.md [Threat ID 13 - Attacker exploits bad string matching on a blocklist to bypass rules]
N/A kubernetes-admission-control-threat-model.md [Threat ID 14 - Attacker uses new/old features of the Kubernetes API which have no rules]
200 kubernetes-admission-control-threat-model.md [Abusing Privileged and Unprivileged Linux Containers]
200 kubernetes-admission-control-threat-model.md [Understanding and Hardening Linux Containers]
N/A kubernetes-admission-control-threat-model.md [Threat ID 15 - Attacker deploys privileged container to node running Webhook controller]
N/A kubernetes-admission-control-threat-model.md [Threat ID 16 - Attacker mounts a privileged node hostpath allowing modification of Webhook controller configuration]
N/A kubernetes-admission-control-threat-model.md [Threat ID 3 - Attacker exploits misconfiguration of webhook to bypass]
N/A kubernetes-admission-control-threat-model.md [Threat ID 18 - Attacker uses policies to send confidential data from admission requests to external systems]
200 kubernetes-admission-control-threat-model.md [https://www.deciduous.app/]
200 README.md [Policy Working Group]
200 README.md [pandoc]
200 README.md [Policy WG repo]
N/A kubernetes-policy-management.md [Introduction]
N/A kubernetes-policy-management.md [Authors]
N/A kubernetes-policy-management.md [Acknowledgements]
N/A kubernetes-policy-management.md [Target Audience]
N/A kubernetes-policy-management.md [In Scope]
N/A kubernetes-policy-management.md [Out of Scope]
N/A kubernetes-policy-management.md [Policy Engines and Tools]
N/A kubernetes-policy-management.md [Policy Architecture]
N/A kubernetes-policy-management.md [Policy Administration Point (PAP)]
N/A kubernetes-policy-management.md [Policy Enforcement Point (PEP)]
N/A kubernetes-policy-management.md [Kubernetes Policy Objects]
N/A kubernetes-policy-management.md [Enforcement at admission]
N/A kubernetes-policy-management.md [Enforcement at runtime]
N/A kubernetes-policy-management.md [Policy Decision Point (PDP)]
N/A kubernetes-policy-management.md [Policy Information Point (PIP)]
N/A kubernetes-policy-management.md [Lifecycle Phases]
N/A kubernetes-policy-management.md [Develop]
N/A kubernetes-policy-management.md [Distribute]
N/A kubernetes-policy-management.md [Deploy]
N/A kubernetes-policy-management.md [Runtime]
N/A kubernetes-policy-management.md [Security Mappings]
N/A kubernetes-policy-management.md [Security Assurance]
N/A kubernetes-policy-management.md [Threat Modeling]
N/A kubernetes-policy-management.md [Security assurance in the delivery pipeline]
N/A kubernetes-policy-management.md [Security assurance at runtime]
N/A kubernetes-policy-management.md [Incident Response]
N/A kubernetes-policy-management.md [Compliance]
N/A kubernetes-policy-management.md [Conclusion]
N/A kubernetes-policy-management.md [Roadmap]
200 kubernetes-policy-management.md [APIs]
200 kubernetes-policy-management.md [NetworkPolicy]
200 kubernetes-policy-management.md [control plane]
200 kubernetes-policy-management.md [dynamic admission control]
200 kubernetes-policy-management.md [TAG Security]
200 kubernetes-policy-management.md [Kubernetes SIG Security]
200 kubernetes-policy-management.md [The 4C's of Cloud Native Security]
200 kubernetes-policy-management.md [refers to the application code running inside a container]
200 kubernetes-policy-management.md [security and compliance section of the cloud native landscape]
200 kubernetes-policy-management.md [eXtensible Access Control Markup Language (XACML) Version 3.0]
200 kubernetes-policy-management.md [OCI-compliant]
200 kubernetes-policy-management.md [documentation link]
200 kubernetes-policy-management.md [documentation link]
200 kubernetes-policy-management.md [Pod Security Standards]
200 kubernetes-policy-management.md [Pod Security Admission Controller]
200 kubernetes-policy-management.md [Authenticating]
200 kubernetes-policy-management.md [Kubernetes Authorization Overview]
200 kubernetes-policy-management.md [admission controllers]
200 kubernetes-policy-management.md [Using Admission Controllers]
200 kubernetes-policy-management.md [CIS Benchmark for Kubernetes]
200 kubernetes-policy-management.md [Kubernetes Policy Working Group]
200 kubernetes-policy-management.md [CNCF Security Technical Advisory Group (TAG)]
200 kubernetes-policy-management.md [ConfigMaps]
200 kubernetes-policy-management.md [Software Supply Chain Best Practices]
200 kubernetes-policy-management.md [Chaos Engineering]
200 kubernetes-policy-management.md [Policy Report CRD]
200 kubernetes-policy-management.md [https://pages.nist.gov/OSCAL/documentation/schema/]
200 kubernetes-policy-management.md [OSCAL Assessment Results model]
200 kubernetes-policy-management.md [cloud native security survey]
200 kubernetes-policy-management.md [Kubernetes policy objects]
200 kubernetes-policy-management.md [Security and Compliance category of the CNCF Cloud Native Interactive Landscape]
200 kubernetes-policy-management.md [Kubernetes Policy Working Group]
IGNORED kubernetes-policy-management.md [kubernetes-wg-policy@googlegroups.com]
200 kubernetes-policy-management.md [slack channel]
200 README.md [Security Release Process]
200 README.md [embargo policy]
N/A README.md [Request for Proposal (RFP)]
N/A README.md [Security Audit Scope]
N/A README.md [Vendor and Community Questions]
N/A README.md [Review of Proposals]
N/A README.md [Vendor Selection]
N/A README.md [Deliverables]
200 README.md [2019]
200 README.md [Kubernetes project]
200 README.md [Kubernetes SIGs]
200 README.md [Example from the 2021 audit]
IGNORED README.md [Example from the 2021 audit]
200 README.md [Security Release Process]
200 README.md [embargo policy]
N/A README.md [conflict of interest]
200 README.md [CNCF Security TAG security reviewer process]
200 README.md [Example from the 2019 audit]
200 README.md [Example from the 2019 audit]
200 RFP.md [here]
200 RFP.md [Kubernetes project]
200 RFP.md [NCC Group: Understanding hardening linux containers]
200 RFP.md [the networking documentation]
200 container-runtime.md [sig-node]
200 etcd.md [sig-api-machinery]
200 etcd.md [Access to etcd is equivalent to root permission in the cluster]
200 kube-apiserver.md [sig-api-machinery]
200 kube-apiserver.md [is a command line flag]
200 kube-apiserver.md [a command line flag]
200 kube-proxy.md [sig-network]
200 kube-scheduler.md [sig-scheduling]
200 kubelet.md [sig-node]
200 RFP.md [codebase]
200 RFP.md [Attacking and Defending Kubernetes Installations]
200 RFP.md [1.13]
200 RFP.md [Kubernetes project]
200 RFP.md [Kubernetes SIGs]
200 RFP.md [bug bounty program]
200 RFP.md [bug bounty program]
200 RFP.md [here]
200 RFP.md [here]
200 RFP.md [section 11.(f) of the Cloud Native Computing Foundation (CNCF) Charter]
200 RFP.md [sections 11.(e) and (d) in the CNCF Charter]
200 RFP.md [Kubernetes components]
200 RFP.md [kube-apiserver overview]
200 RFP.md [kube-scheduler overview]
200 RFP.md [Operating etcd clusters for Kubernetes]
200 RFP.md [etcd clustering guide]
200 RFP.md [kube-controller-manager overview]
200 RFP.md [cloud-controller-manager overview]
200 RFP.md [cloud-controller-manager administration]
200 RFP.md [kubelet overview]
200 RFP.md [kube-proxy overview]
200 RFP.md [secrets-store-csi-driver]
N/A RFP.md [components in-scope]
200 learning-sessions.md [KubeAudit]
200 learning-sessions.md [Genevieve Luyt]
200 learning-sessions.md [Dani Santos]
200 learning-sessions.md [Eraser]
200 learning-sessions.md [Xander Grzywinski]
200 learning-sessions.md [Stratus Red Team]
200 learning-sessions.md [Christophe Tafani-Dereeper]
200 learning-sessions.md [SIG Security]
200 learning-sessions.md [Pushkar Joglekar]
200 learning-sessions.md [kdigger]
200 learning-sessions.md [Mahé Tardy]
200 learning-sessions.md [Kube Armor]
200 learning-sessions.md [Rahul Jadhav]
200 learning-sessions.md [SBoM for K8s]
200 learning-sessions.md [Adolfo García Veytia]
200 learning-sessions.md [go-vulncheck]
200 learning-sessions.md [Zvonimir Pavlinovic]
200 learning-sessions.md [Images in k/k discussion]
200 learning-sessions.md [Stephen Augustus]
200 README.md [here]
200 README.md [Code Organization]
IGNORED README.md [Issue #5920]
200 README.md [here]
200 README.md [SIG Release]
200 README.md [here]
200 README.md [slack channel]
200 build-time-dependencies.md [Kubernetes]
IGNORED build-time-dependencies.md [Issue #101528]
200 build-time-dependencies.md [snyk]
200 build-time-dependencies.md [replace]
200 build-time-dependencies.md [vulnerability of this type]
IGNORED build-time-dependencies.md [GitHub PR]
200 build-time-dependencies.md [RedHat Bugzilla Bug]
200 build-time-dependencies.md [github.com/dgrijalva/jwt-go]
IGNORED build-time-dependencies.md [\"aud\"]` happens to be `[]string{}`, as allowed by the spec, the type assertion fails and the value of `aud` is `\"\"`. This can cause audience verification to succeed even if the audiences being passed are incorrect if `required` is set to `false`.\n## Remediation\nUpgrade `github.com/dgrijalva/jwt-go` to version 4.0.0-preview1 or higher.\n## References\n- [GitHub Issue]
IGNORED build-time-dependencies.md [GitHub PR]
200 build-time-dependencies.md [github.com/dgrijalva/jwt-go]
IGNORED build-time-dependencies.md [\"aud\"]` happens to be `[]string{}`, as allowed by the spec, the type assertion fails and the value of `aud` is `\"\"`. This can cause audience verification to succeed even if the audiences being passed are incorrect if `required` is set to `false`.\n## Remediation\nUpgrade `github.com/dgrijalva/jwt-go` to version 4.0.0-preview1 or higher.\n## References\n- [GitHub Issue]
IGNORED build-time-dependencies.md [GitHub PR]
200 container-images.md [Kubernetes]
IGNORED container-images.md [Issue #4]
200 container-images.md [snyk]
200 container-images.md [ADVISORY]
200 container-images.md [CONFIRM]
200 container-images.md [FEDORA]
200 container-images.md [GENTOO]
200 container-images.md [MISC]
200 container-images.md [MISC]