avolens/kubernetes-security-txt

Kubernetes Security API endpoint

Possible Kubernetes KEP for creating a /security endpoint with contact information for security researchers.

Motivation

If a security researcher finds a misconfigured Kubernetes API or Kubelet endpoint and wants to report it to the appropriate company, it can be very difficult to find the company running the Kubernetes API or Kubelet without gaining deep access to the cluster. The security researcher has only a few ways to find out if the Kubelet or Kubernetes API belongs to a certain company.

Improvement

For web pages, RFC 9116 defines the security.txt file for this purpose. The same concept would also be conceivable for Kubernetes: for the Kubernetes API and the Kubelet there should be a /security endpoint containing the appropriate contact information.
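A sketch of what such an endpoint could serve, added here as an example and not taken from this repository or from Kubernetes. It assumes the response reuses the RFC 9116 `Contact` and `Expires` fields; the names `SecurityInfo`, `Render` and `Handler`, the restriction to `mailto:` and `https://` contacts, and the example.com address are hypothetical or constructed.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
	"time"
)

// SecurityInfo (hypothetical; the proposal defines no schema) holds the fields RFC 9116 requires.
type SecurityInfo struct {
	Contacts []string  // "Contact" values, narrowed here to mailto: and https:// URIs
	Expires  time.Time // "Expires": after this instant the data counts as stale
}

// Render builds the RFC 9116 style body and refuses incomplete or stale data.
func (s SecurityInfo) Render(now time.Time) (string, error) {
	if len(s.Contacts) == 0 || !s.Expires.After(now) {
		return "", fmt.Errorf("need at least one Contact and a future Expires")
	}
	var b strings.Builder
	for _, c := range s.Contacts {
		okScheme := strings.HasPrefix(c, "mailto:") || strings.HasPrefix(c, "https://")
		if !okScheme || strings.ContainsAny(c, "\r\n") { // line breaks would inject extra fields
			return "", fmt.Errorf("invalid contact %q", c)
		}
		fmt.Fprintf(&b, "Contact: %s\n", c)
	}
	fmt.Fprintf(&b, "Expires: %s\n", s.Expires.UTC().Format(time.RFC3339))
	return b.String(), nil
}

// Handler answers GET with contact data only; anything else, or stale data, gets a 404.
func Handler(info SecurityInfo) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		body, err := info.Render(time.Now())
		if r.Method != http.MethodGet || err != nil {
			http.Error(w, "security contact unavailable", http.StatusNotFound)
			return
		}
		w.Header().Set("Content-Type", "text/plain; charset=utf-8")
		fmt.Fprint(w, body)
	})
}

func main() { // constructed sample contact, served on localhost at the assumed /security path
	info := SecurityInfo{[]string{"mailto:security@example.com"}, time.Now().AddDate(0, 6, 0)}
	http.Handle("/security", Handler(info))
	fmt.Println(http.ListenAndServe("127.0.0.1:8080", nil))
}
```

The handler returns nothing about the cluster itself, only the operator-supplied contact lines, so it can be reachable without authentication.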
