Kubernetes

target_in_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
Community Management & Communications OTHER critical
Kubernetes community management & communication tools are currently ineligible for bounty. Please avoid disruptions. List of ineligible community assets:
- k8s.io event calendar: https://calendar.google.com/calendar/r?cid=Y2dudDM2NHZkOHM4NmhyMnBoYXBmamM2dWtAZ3JvdXAuY2FsZW5kYXIuZ29vZ2xlLmNvbQ
- kubernetes.slack.com
- @kubernetesio twitter handle
- Kubernetes meetup account
- kubeweekly news list: kube.news
- google groups mailing lists, e.g. https://groups.google.com/forum/#!forum/kubernetes-*
- subreddit: reddit.com/kubernetes
- youtube.com/kubernetescommunity
- Kubernetes zoom accounts
- stack overflow tag: https://stackoverflow.com/questions/tagged/kubernetes
github.com/kubernetes-csi SOURCE_CODE high high high critical
Kubernetes CSI drivers & infrastructure. Not all repos are eligible for bounty.
Eligible for bounty:
- github.com/kubernetes-csi/external-provisioner
- github.com/kubernetes-csi/external-snapshotter
- github.com/kubernetes-csi/node-driver-registrar
- github.com/kubernetes-csi/livenessprobe
- github.com/kubernetes-csi/csi-release-tools
- github.com/kubernetes-csi/csi-lib-utils
- github.com/kubernetes-csi/kubernetes-csi.github.io
- github.com/kubernetes-csi/docs
Ineligible:
- github.com/kubernetes-csi/driver-registrar (deprecated)
- github.com/kubernetes-csi/csi-test
- github.com/kubernetes-csi/drivers (example code)
- github.com/kubernetes-csi/cluster-driver-registrar (deprecated)
- github.com/kubernetes-csi/external-attacher (alpha)
- github.com/kubernetes-csi/external-resizer (alpha)
- github.com/kubernetes-csi/csi-driver-host-path (not recommended for production)
- github.com/kubernetes-csi/csi-driver-iscsi (not stable)
- github.com/kubernetes-csi/csi-driver-nfs (not stable)
- github.com/kubernetes-csi/csi-driver-image-populator (not stable)
- github.com/kubernetes-csi/csi-driver-flex (not stable)
- github.com/kubernetes-csi/csi-driver-fibre-channel (not stable)
- github.com/kubernetes-csi/csi-lib-fc (not stable)
- github.com/kubernetes-csi/csi-lib-iscsi (not stable)
github.com/kubernetes-retired SOURCE_CODE critical
The retired projects are no longer maintained
https://github.com/kubernetes-client SOURCE_CODE high high high critical
Kubernetes client libraries. The stable libraries are eligible for bounty, including:
- https://github.com/kubernetes-client/python
- https://github.com/kubernetes-client/java
Supporting libraries are also eligible:
- https://github.com/kubernetes-client/gen
- https://github.com/kubernetes-client/python-base
All other libraries are ineligible for bounty due to their alpha or work-in-progress status.
https://github.com/kubernetes-incubator SOURCE_CODE critical
The kubernetes-incubator process is deprecated.
https://github.com/kubernetes-security SOURCE_CODE high high high critical
Unauthorized access (read or write) to any repositories under the kubernetes-security github organization is eligible.
https://github.com/kubernetes-sigs SOURCE_CODE critical
Unless explicitly listed as an eligible asset, repositories under the kubernetes-sigs github org are not eligible for bounty.
https://github.com/kubernetes/api SOURCE_CODE high high high critical
The canonical location of the Kubernetes API definition.
https://github.com/kubernetes/apiextensions-apiserver SOURCE_CODE high high high critical
API server for API extensions like CustomResourceDefinitions
https://github.com/kubernetes/apimachinery SOURCE_CODE high high high critical
https://github.com/kubernetes/apiserver SOURCE_CODE high high high critical
Library for writing a Kubernetes-style API server.
https://github.com/kubernetes/autoscaler SOURCE_CODE high high high critical
Autoscaling components for Kubernetes
https://github.com/kubernetes/cli-runtime SOURCE_CODE high high high critical
Set of helpers for creating kubectl commands and plugins.
https://github.com/kubernetes/client-go SOURCE_CODE high high high critical
Go client for Kubernetes.
https://github.com/kubernetes/cloud-provider SOURCE_CODE high high high critical
cloud-provider defines the shared interfaces which Kubernetes cloud providers implement. These interfaces allow various controllers to integrate with any cloud provider in a pluggable fashion. Also serves as an issue tracker for SIG Cloud Provider.
https://github.com/kubernetes/cloud-provider-alibaba-cloud SOURCE_CODE high high high critical
CloudProvider for Alibaba Cloud. Vendor-specific plugins are not eligible for bounty. We recommend reporting vulnerabilities through the vendor's bug bounty program instead.
https://github.com/kubernetes/cloud-provider-aws SOURCE_CODE high high high critical
Vendor-specific plugins are not eligible for bounty. We recommend reporting vulnerabilities through the vendor's bug bounty program instead.
https://github.com/kubernetes/cloud-provider-azure SOURCE_CODE high high high critical
Cloud provider for Azure. Vendor-specific plugins are not eligible for bounty. We recommend reporting vulnerabilities through the vendor's bug bounty program instead.
https://github.com/kubernetes/cloud-provider-gcp SOURCE_CODE high high high critical
Vendor-specific plugins are not eligible for bounty. We recommend reporting vulnerabilities through the vendor's bug bounty program instead.
https://github.com/kubernetes/cloud-provider-openstack SOURCE_CODE high high high critical
Vendor-specific plugins are not eligible for bounty. We recommend reporting vulnerabilities through the vendor's bug bounty program instead.
https://github.com/kubernetes/cloud-provider-sample SOURCE_CODE low low low medium
Sample of how to build a cloud provider repo. This will build a Kubernetes image which deploys on bare metal. It uses the fake cloud provider. It consumes the K8s/K8s build artifact and adds to it the Cloud Controller Manager and CSI Daemon Set. Example code.
https://github.com/kubernetes/cloud-provider-vsphere SOURCE_CODE high high high critical
Kubernetes Cloud Provider for vSphere (Beta). Vendor-specific plugins are not eligible for bounty. We recommend reporting vulnerabilities through the vendor's bug bounty program instead.
https://github.com/kubernetes/cluster-bootstrap SOURCE_CODE high high high critical
https://github.com/kubernetes/cluster-registry SOURCE_CODE high high high critical
Cluster Registry API
https://github.com/kubernetes/code-generator SOURCE_CODE high high high critical
Generators for kube-like API types
https://github.com/kubernetes/community SOURCE_CODE low none medium high
Kubernetes community content
https://github.com/kubernetes/component-base SOURCE_CODE high high high critical
Shared code for kubernetes core components
https://github.com/kubernetes/cri-api SOURCE_CODE high high high critical
Container Runtime Interface (CRI) – a plugin interface which enables kubelet to use a wide variety of container runtimes.
https://github.com/kubernetes/csi-api SOURCE_CODE high high high critical
https://github.com/kubernetes/csi-translation-lib SOURCE_CODE high high high critical
Staging repo for CSI Migration/Translation libraries
https://github.com/kubernetes/dashboard SOURCE_CODE high high high critical
General-purpose web UI for Kubernetes clusters
https://github.com/kubernetes/dns SOURCE_CODE high high high critical
Kubernetes DNS service
https://github.com/kubernetes/enhancements SOURCE_CODE low none medium high
Features tracking repo for Kubernetes releases
https://github.com/kubernetes/examples SOURCE_CODE medium medium medium critical
Kubernetes application example tutorials
https://github.com/kubernetes/frakti SOURCE_CODE high high high critical
The hypervisor-based container runtime for Kubernetes. Vendor-specific plugins are not eligible for bounty. We recommend reporting vulnerabilities through the vendor's bug bounty program instead.
https://github.com/kubernetes/funding SOURCE_CODE low none medium high
Funding requests for project infrastructure, events, and consulting.
https://github.com/kubernetes/gengo SOURCE_CODE high high high critical
Gengo library for code generation.
https://github.com/kubernetes/git-sync SOURCE_CODE medium medium medium critical
A sidecar app which clones a git repo and keeps it in sync with the upstream.
https://github.com/kubernetes/ingress-gce SOURCE_CODE high high high critical
Ingress controller for Google Cloud. Vendor-specific plugins are not eligible for bounty. We recommend reporting vulnerabilities through the vendor's bug bounty program instead.
https://github.com/kubernetes/ingress-nginx SOURCE_CODE high high high critical
NGINX Ingress Controller for Kubernetes
https://github.com/kubernetes/k8s.io SOURCE_CODE high high high critical
Kubernetes files for various *.k8s.io sites
https://github.com/kubernetes/klog SOURCE_CODE high high high critical
Forked from golang/glog. Leveled execution logs for Go (fork of https://github.com/golang/glog).
https://github.com/kubernetes/kompose SOURCE_CODE high high high critical
Go from Docker Compose to Kubernetes
https://github.com/kubernetes/kops SOURCE_CODE high high high critical
Kubernetes Operations (kops) - Production Grade K8s Installation, Upgrades, and Management
https://github.com/kubernetes/kube-aggregator SOURCE_CODE high high high critical
Aggregator for Kubernetes-style API servers: dynamic registration, discovery summarization, secure proxy
https://github.com/kubernetes/kube-controller-manager SOURCE_CODE high high high critical
kube-controller-manager component configs
https://github.com/kubernetes/kube-deploy SOURCE_CODE high high high critical
A place for cluster deployment automation
https://github.com/kubernetes/kube-openapi SOURCE_CODE high high high critical
Kubernetes OpenAPI spec generation & serving
https://github.com/kubernetes/kube-proxy SOURCE_CODE high high high critical
kube-proxy component configs
https://github.com/kubernetes/kube-scheduler SOURCE_CODE high high high critical
kube-scheduler component configs
https://github.com/kubernetes/kube-state-metrics SOURCE_CODE high high high critical
Add-on agent to generate and expose cluster-level metrics.
https://github.com/kubernetes/kubeadm SOURCE_CODE high high high critical
Aggregator for issues filed against kubeadm
https://github.com/kubernetes/kubectl SOURCE_CODE high high high critical
Issue tracker and mirror of kubectl code
https://github.com/kubernetes/kubelet SOURCE_CODE high high high critical
kubelet component configs
https://github.com/kubernetes/kubernetes SOURCE_CODE high high high critical
Production-Grade Container Scheduling and Management
https://github.com/kubernetes/kubernetes-anywhere SOURCE_CODE high high high critical
{concise,reliable,cross-platform} turnup of Kubernetes clusters. DEPRECATED.
https://github.com/kubernetes/kubernetes-template-project SOURCE_CODE low none low medium
A template for starting new projects on the github.com/kubernetes organization
https://github.com/kubernetes/legacy-cloud-providers SOURCE_CODE high high high critical
This repository hosts the legacy in-tree cloud providers. Out-of-tree cloud providers can consume packages in this repo to support legacy implementations of their Kubernetes cloud provider. Vendor-specific plugins are not eligible for bounty. We recommend reporting vulnerabilities through the vendor's bug bounty program instead.
https://github.com/kubernetes/metrics SOURCE_CODE high high high critical
Kubernetes metrics-related API types and clients
https://github.com/kubernetes/minikube SOURCE_CODE medium medium medium critical
Run Kubernetes locally
https://github.com/kubernetes/node-api SOURCE_CODE high high high critical
https://github.com/kubernetes/node-problem-detector SOURCE_CODE high high high critical
This is a place for various problem detectors running on the Kubernetes nodes.
https://github.com/kubernetes/org SOURCE_CODE high high high critical
Meta configuration for Kubernetes Github Org
https://github.com/kubernetes/perf-tests SOURCE_CODE low low low medium
Performance tests and benchmarks
https://github.com/kubernetes/publishing-bot SOURCE_CODE high high high critical
Code behind the robot to publish from staging to real repositories.
https://github.com/kubernetes/release SOURCE_CODE high high high critical
Release infrastructure for Kubernetes and related components
https://github.com/kubernetes/repo-infra SOURCE_CODE high high high critical
Kubernetes repository infrastructure tools
https://github.com/kubernetes/sample-apiserver SOURCE_CODE medium medium medium critical
Reference implementation of an apiserver for a custom Kubernetes API. Example code.
https://github.com/kubernetes/sample-cli-plugin SOURCE_CODE medium medium medium critical
Sample kubectl plugin
https://github.com/kubernetes/sample-controller SOURCE_CODE medium medium medium critical
Repository for sample controller. Complements sample-apiserver
https://github.com/kubernetes/security SOURCE_CODE low none medium high
Kubernetes Security Process and Security Committee docs
https://github.com/kubernetes/sig-release SOURCE_CODE high high high critical
Repo for SIG release
https://github.com/kubernetes/steering SOURCE_CODE low none medium high
The Kubernetes Steering Committee
https://github.com/kubernetes/test-infra SOURCE_CODE high high high critical
Test infrastructure for the Kubernetes project.
https://github.com/kubernetes/utils SOURCE_CODE high high high critical
Non-Kubernetes-specific utility libraries which are consumed by multiple projects.
https://github.com/kubernetes/website SOURCE_CODE high none high critical
Kubernetes website and documentation repo
https://kubernetes.io URL high medium high critical
Main kubernetes website, hosted by netlify.
https://prow.k8s.io URL high high high critical
Kubernetes build & test infrastructure.
https://storage.googleapis.com/kubernetes-release/ OTHER high high high critical
Kubernetes release artifacts download server. Write access to or modification of assets is eligible for bounty. Please DO NOT modify production artifacts. If you need a test target, you can use a test artifact such as `addons/test/crinit/2017-11-17/crinit`.
k8s.gcr.io OTHER high high high critical
Our official container repository (an alias to gcr.io/google-containers). The ability to write to or modify containers in the repository is in scope. Please DO NOT modify production containers. If you need a test target, please use a test image such as fakegitserver.
k8s.io URL high medium high critical
Kubernetes nginx server.
kubernetes-csi.github.io URL low none low medium
Kubernetes CSI documentation site.

target_out_of_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity