Comments (12)
This issue is currently awaiting triage.
SIG Docs takes a lead on issue triage for this website, but any Kubernetes member can accept issues by applying the triage/accepted
label.
The triage/accepted
label can be added by org members by writing /triage accepted
in a comment.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
from website.
This is about https://kubernetes.io/docs/reference/issues-security/official-cve-feed/ and the feeds it links to.
/sig security
from website.
The CVE feed lists vulnerabilities in Kubernetes' core. I don't think we make that as clear as we could.
from website.
/retitle CVE feed doesn't include some vulnerabilities for in-project code
from website.
@sftim can you clarify here if there is anything actionable on this issue now? or is work dependent on the outcome of the k/k issue you created?
from website.
The people working on the KEP could take steps to ensure the upstream feed includes more data; you can't fix this purely by committing to k/website.
However, there's more than one route forward here.
from website.
Thanks for the tag @sftim
/priority important-long-term
from website.
@PushkarJ: The label(s) priority/important-long-term
cannot be applied, because the repository doesn't have them.
In response to this:
Thanks for the tag @sftim
/priority important-long-term
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
from website.
Including CVEs outside of k8s core is not in scope at the moment for GA. If this is useful for the community, I would welcome folks to chat with the group who maintains the CVE feed on #sig-security-tooling (Invite yourself from here: https://slack.k8s.io/) and share their intent to contribute to make this happen.
/priority important-longterm
from website.
In the meantime, we could clarify in the web page about what's in scope.
from website.
@sftim Would it make sense to clarify it as a k/website PR or as part of KEP or both?
from website.
Ideally both
from website.
Related Issues (20)
- Kubelet Configuration (v1) HOT 8
- Latest releases v1.29.3, v1.28.8, v1.27.12, and v1.26.15 not included in released details HOT 3
- Discrepancy in End of Life date for v1.26 in "Patch Releases" page HOT 4
- Want to create a Docker image of an existing EKS pod or any pod. HOT 4
- [es] Translate - `docs/concepts/architecture/control-plane-node-communication/` into Spanish HOT 6
- Move non-graceful node shutdown section from concepts/architecture/nodes.md to concepts/cluster-administration HOT 4
- [es] Update Translate - `docs/concepts/architecture/cgroups` into Spanish
- [es] Update Translate - `docs/concepts/architecture/cloud-controller` into Spanish
- [es] Translate - `docs/concepts/architecture/controller` into Spanish
- [es] Translate - `docs/concepts/architecture/garbage-collection` into Spanish
- [es] Translate - `docs/concepts/architecture/leases` into Spanish HOT 2
- [es] Translate - `docs/concepts/architecture/mixed-version-proxy` into Spanish
- [es] Translate - `docs/concepts/architecture/nodes` into Spanish HOT 2
- [es] localize concepts/workloads/pods/user-namespaces.md to Spanish HOT 1
- [es] localize concepts/workloads/pods/downward-api.md to Spanish HOT 1
- [es] localize concepts/workloads/pods/pod-lifecycle.md to Spanish HOT 5
- Kubernetes documentation still points to legacy package repo HOT 7
- Register annotations for Azure integration HOT 3
- Example correction in the documentation: "kubectl auth can-i ... --as ..." HOT 6
- [bn] List of Glossary files for localize HOT 12
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from website.