Commit 04ebe44a authored by Richard Hartmann, committed by Luc Perkins

Add cure53 security audit report (#1065)

* Add cure53 security report
Signed-off-by: Richard Hartmann <richih@richih.org>

* Improve formatting of navigation
Signed-off-by: Richard Hartmann <richih@richih.org>

* Work in feedback by @juliusv
Signed-off-by: Richard Hartmann <richih@richih.org>

* Work in feedback by @juliusv & @brian-brazil
Signed-off-by: Richard Hartmann <richih@richih.org>

* Work in feedback by @brian-brazil
Signed-off-by: Richard Hartmann <richih@richih.org>

* Take @juliusv feedback into account
Signed-off-by: Richard Hartmann <richih@richih.org>

* Remove audit description
Signed-off-by: lucperkins <lucperkins@gmail.com>

* Update PDF download URL
Signed-off-by: lucperkins <lucperkins@gmail.com>
parent 0219fb2e
...@@ -107,7 +107,7 @@ If using a client-library-provided HTTP handler, it should not be possible for ...@@ -107,7 +107,7 @@ If using a client-library-provided HTTP handler, it should not be possible for
malicious requests that reach that handler to cause issues beyond those malicious requests that reach that handler to cause issues beyond those
resulting from additional load and failed scrapes. resulting from additional load and failed scrapes.
## Authentication/Authorisation/Encryption ## Authentication, Authorization, and Encryption
Prometheus and its components do not provide any server-side Prometheus and its components do not provide any server-side
authentication, authorisation or encryption. If you require this, it is authentication, authorisation or encryption. If you require this, it is
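Review bot: The renamed heading uses "Authorization" while the unchanged paragraph directly beneath it still reads "authentication, authorisation or encryption", so the section now mixes two spellings; settle on one and apply it to the body text as well. If the site derives section anchors from heading text, this rename also changes the anchor, so existing deep links to the section should be checked or an explicit anchor kept.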
...@@ -184,3 +184,11 @@ members of the Prometheus development team and the staff of those providers ...@@ -184,3 +184,11 @@ members of the Prometheus development team and the staff of those providers
have access. If you are concerned about the exact provenance of your binaries, have access. If you are concerned about the exact provenance of your binaries,
it is recommended to build them yourself rather than relying on the it is recommended to build them yourself rather than relying on the
pre-built binaries provided by the project. pre-built binaries provided by the project.
## External audits
[CNCF](https://cncf.io) sponsored an external security audit by
[cure53](https://cure53.de) which ran from April 2018 to June 2018.
For more details, please read the
[final report of the audit](/assets/downloads/2018-06-11--cure53_security_audit.pdf).
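Review bot: The new "External audits" section names only the sponsor, the auditor and the date range, so a reader cannot tell what was in scope or whether the findings were addressed without opening the PDF; a sentence on scope and on the status of the findings would make the section useful on its own. The link also points to a site-hosted copy at `/assets/downloads/2018-06-11--cure53_security_audit.pdf` with nothing to verify it against, which reads oddly right after the paragraph about binary provenance; consider publishing a checksum next to the link.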