Security and audits

The containerd project has a significant focus on the security of the container runtime layer on which so many other software systems depend. We have a clear and well-documented security process and use GitHub security features and their CVE numbering authority to properly disclose any identified and verified vulnerabilities.

Reporting security issues

Please follow the project’s reporting process outlined in within the containerd/project GitHub repository.

Security audits

Security audits are performed from time to time for the project, enabled by investment from the CNCF or other interested parties. When public reports are published as a result of these audits we will publish them in the following table.

Fuzzing audit - ADA-fuzzing-audit-21-22.pdfFuzzing audit funded by the CNCF, audit by Ada LogicsMarch 2023
CNCF Graduated Project audit - SECURITY_AUDIT.pdfSecurity audit funded by the CNCF, audit by Cure53Nov 2018