We offer services at different levels of Kubernetes infrastructure. Our services start with understanding your use case, who you serve and how you deploy your Kubernetes instance. We can then audit your application layer, your infrastructure and/or your supply-chain risk. An audit will include either static code assets or in-cluster auditing or both - which is the case for most of our audits. Our audits complete with a detailed report written for you in a format you can share internally with your team or publicly with the world.

Ada Logics has audited a range of popular Kubernetes tools.

We have found several security vulnerabilities in the Argo ecosystem - from Low to Critical severity. We worked with the Argo team to remediate and get them released in a safe manner. Similarly, we have written Argos entire fuzzing infrastructure and maintained it for several years.

The widely customizable and widely used admission controller with a great feature set and detailed documentation. Ada Logics audited Kyverno and found 5 vulnerabilities that we disclosed to Kyverno who fixed them. Ada Logics has written Kyvernos fuzzing suite which tests both for language-level vulnerabilities and policy bypasses, and we have maintained the fuzzing suite for several years.

One of the most widely used container runtimes after containerd/Docker. During an audit of cri-o, we found a vulnerability that could allow an attacker to crash Kubernetes Node and thereby impact the usability of other users on that node. We then looked at containerd and found that it had the same vulnerability. Both cri-o and containerd fixed the vulnerabilities.

The popular service mesh that offers a rich feature set including many that enhance the security of your cluster. Ada Logics has both found vulnerabilities in Istio and in Golang that directly impacted Istio.

Ada Logics have found multiple vulnerabilities in containerd both from auditing efforts and security engineering. During out audit of cri-o we found a vulnerability that existed in both cri-o and containerd. During a fuzzing engagement, we found another vulnerability in containerd.

We carried out a holistic security audit of FluxCD in which we found a high-severity command-injection.

We can threat model your infrastructure to identify its attack surface, threat actors, trust zones and trust flow and security controls.

Ada Logics can take an attackers perspective and attempt to steal your data, damage your application, infiltrate your infrastructure and compromise your users in a controlled environment.

We can manually audit your Kubernetes infrastructure for risks, misconfigurations, risks and vulnerabilities.

We use state-of-the-art open source dynamic and static analysis to support our audits.

We can help with auditing your infrastructure as a one-time engagement.

We are available for regular infrastructure audits such as yearly or half-yearly engagements. Code changes over time, and vulnerabilities can get introduced. Catch them with yearly checkups. Alternatively, a yearly infrastructure audit helps your eradicate easily-exploitable issues and find deeper security issues over time.

We can work with you on hardening the security of your infrastructure. This can be through implementing or improving your admission controls or service mesh, or by hardening your infrastructure configurations.