Kubernetes security

Ada Logics has rich experience in Kubernetes security that can help you protect and secure your cloud assets. We have comprehensive knowledge of Kubernetes' threat model, of how misconfigured clusters or vulnerable code expose you, and of how to mitigate that exposure. This has led us to find vulnerabilities in many widely used software packages in the Kubernetes ecosystem, such as Argo, cri-o, containerd, Helm and FluxCD.

We offer services at different levels of the Kubernetes infrastructure. Our services start with understanding your use case, who you serve and how you deploy your Kubernetes instance. We can then audit your application layer, your infrastructure and/or your supply-chain risk. An audit covers either static code assets, in-cluster auditing, or both, which is the case for most of our audits. Our audits conclude with a detailed report written for you in a format you can share internally with your team or publicly with the world.

Wide experience with the Kubernetes ecosystem

Ada Logics has audited a range of popular Kubernetes tools.

Argo

We have found several security vulnerabilities in the Argo ecosystem, ranging from Low to Critical severity. We worked with the Argo team to remediate them and release the fixes in a safe manner. We have also written Argo's entire fuzzing infrastructure and maintained it for several years.

Kyverno

A widely customizable and widely used admission controller with a great feature set and detailed documentation. Ada Logics audited Kyverno and found 5 vulnerabilities, which we disclosed to Kyverno, who fixed them. Ada Logics has written Kyverno's fuzzing suite, which tests both for language-level vulnerabilities and for policy bypasses, and we have maintained the fuzzing suite for several years.

cri-o

One of the most widely used container runtimes after containerd/Docker. During an audit of cri-o, we found a vulnerability that could allow an attacker to crash a Kubernetes node and thereby impact other users' workloads on that node. We then looked at containerd and found that it had the same vulnerability. Both cri-o and containerd fixed the vulnerabilities.

Istio

The popular service mesh that offers a rich feature set, including many features that enhance the security of your cluster. Ada Logics has found vulnerabilities both in Istio and in Go (Golang) that directly impacted Istio.

containerd

Ada Logics has found multiple vulnerabilities in containerd, both from auditing efforts and from security engineering. During our audit of cri-o we found a vulnerability that existed in both cri-o and containerd. During a fuzzing engagement, we found another vulnerability in containerd.

FluxCD

We carried out a holistic security audit of FluxCD in which we found a high-severity command injection.
Talk to us now about your Kubernetes security audit