Founder and CEO, ControlPlane | CISO, OpenUK | Co-chair, CNCF Technical Advisory Group for Security ▲ Kubernetes & cloud security consulting ▲ Author O'Reilly/SANS | Hacker | Leading the Future of Enterprise Tech
ControlPlane's Enterprise for #FluxCD provides secure assurance and support for GitOps. Stefan Prodan and I are in London next week if you want to talk security — this is how we implemented Vulnerability Exploitability Exchange documents [0], and here's why it's important to keep your scanners green for triaged CVEs [1]. The Enterprise subscription [2] is for immediate remediation of supply chain vulnerabilities with zero CVEs, SBOM and VEX management of dependency 0-days, hardened images with build attestation, and FIPS 140-2 TLS, backed by core maintainers and our DevSecOps expertise.
[0] https://lnkd.in/guQ5JhDB
[1] https://lnkd.in/gYWxPeFj
[2] https://lnkd.in/egKazb2s
We are now publishing VEX documents for the ControlPlane enterprise distribution of #FluxCD with the CVEs that do not affect the Flux controllers. While the vulnerability assessment is a Flux enterprise perk, we decided to make the OpenVEX documents publicly available for all Flux users at https://lnkd.in/dQ_WeiFz. Big thanks to the OpenSSF community for making maintainers' lives easier with OpenVEX and vexctl 🤗
Impressive work on securing GitOps with FluxCD! Could you share some examples of how the vulnerability exploitability exchange documents have benefited your clients?