Security and audits

The containerd project has a significant focus on the security of the container runtime layer on which so many other software systems depend. We have a clear and well-documented security process and use GitHub security features and their CVE numbering authority to properly disclose any identified and verified vulnerabilities.

Reporting security issues

Please follow the project’s reporting process outlined in SECURITY.md within the containerd/project GitHub repository.

Security audits

Security audits are performed from time to time for the project, enabled by investment from the CNCF or other interested parties. When public reports are published as a result of these audits, we will list them in the following table.

| Name/Link | Description | Date |
|---|---|---|
| Fuzzing audit - ADA-fuzzing-audit-21-22.pdf | Fuzzing audit funded by the CNCF, audit by Ada Logics | March 2023 |
| CNCF Graduated Project audit - SECURITY_AUDIT.pdf | Security audit funded by the CNCF, audit by Cure53 | Nov 2018 |