Skip to content

Security: ajeetraina/kubezilla

Security

SECURITY.md

Security Policy 🦖

KubeZilla acts on production clusters, so we take security seriously — it's the whole point of the project. See docs/safe-autonomy.md for the architecture.

Reporting a vulnerability

Please do not open a public issue for security vulnerabilities.

Email security@kubezilla.dev with:

  • a description of the issue,
  • steps to reproduce,
  • the affected version (kubezilla version),
  • impact assessment if you have one.

We aim to acknowledge within 48 hours and to ship a fix or mitigation promptly, crediting you (if you wish) in the release notes.

Supported versions

During the v0.x pre-1.0 phase, only the latest minor release receives security fixes.

Our security posture (TL;DR)

  • KubeZilla's own identity is read-mostly; it cannot mutate workloads directly.
  • All remediation runs with ephemeral, least-privilege ServiceAccounts inside a kernel-isolated Agent Sandbox (gVisor/Kata).
  • The model emits typed plans, never shell.
  • Every mutating action ships a rollback; failed verification auto-reverts.
  • kube-system and kubezilla-system are protected namespaces by default.

There aren't any published security advisories