Add Guardon Project Self-Assessment for Security Review #1505
Conversation
✅ Deploy Preview for tag-security ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
JustinCappos
left a comment
JustinCappos
left a comment
There was a problem hiding this comment.
Looks like a nice self assessment start! I have a few minor comments and more detail would be needed for a joint assessment, but the overall content is quite appropriate.
| - Displays inline annotations and highlights misconfigurations | ||
|
|
||
| ### **2. Validation Engine** | ||
| - Parses YAML and performs schema validation using `js-yaml` |
There was a problem hiding this comment.
Can you talk more about what this does for you? Just another sentence or so.
There was a problem hiding this comment.
updating this line to add more context and make it simple. "Guardon uses js-yaml to convert raw YAML text into JavaScript objects, then checks these objects against Kubernetes schemas to ensure all required fields and types are correct before further rule validation"
| - **Browser**: Provides sandboxed execution environment | ||
| - **Local Guardon Engine**: Performs validation | ||
| - **Kyverno-JS**: Evaluates policies locally | ||
| - **Rule Sources**: User-imported Kyverno rules stored locally |
There was a problem hiding this comment.
How does the user know how to make these? Are there defaults?
There was a problem hiding this comment.
First user has the flexibility to define there own kyverno rules/OpenAPI/CRD Schemas using the Options UI(stored in browser local storage). Then developers can simply use the Extension to validate any kubernetes yaml file on github or gitlab. This is all covered in Technical Documentation(Readme.md)
| - Local Kyverno-JS policy execution | ||
| - Secure sandboxing of rule engine | ||
| - YAML isolation and strict parsing | ||
| - Immutable validation results |
There was a problem hiding this comment.
Kyverno policies are enforced locally in the browser’s sandbox, with each YAML parsed and validated in isolation. Validation results are read-only and cannot be changed after creation.
| - Secure sandboxing of rule engine | ||
| - YAML isolation and strict parsing | ||
| - Immutable validation results | ||
| - No-network guarantee |
There was a problem hiding this comment.
Is this enforced somehow? What if js-yaml or some other dependency violates this in a future version?
There was a problem hiding this comment.
Guardon’s architecture and policies minimize risk, but ongoing vigilance (dependency review, testing, and CSP enforcement) is required to ensure these guarantees remain intact as dependencies evolve. We can plan to use tools like jest-fetch-mock or custom spies to catch any unexpected network or data access.
| ### **Critical (Non-Configurable)** | ||
| - Kubernetes schema validation | ||
| - Local Kyverno-JS policy execution | ||
| - Secure sandboxing of rule engine |
| - Static code analysis (ESLint) | ||
| - npm audit | ||
| - Automated dependency scanning | ||
| - Reproducible build plan |
There was a problem hiding this comment.
Can you talk more about what you mean here? What is meant by plan and reproducible by whom / where?
There was a problem hiding this comment.
A reproducible build plan means that anyone can build the Guardon extension from source and reliably get the same output (extension files, artifacts) every time, regardless of environment or who is building it.
There was a problem hiding this comment.
changing this to "Consistent and Auditable Build Process"
| - Reproducible build plan | ||
| - Release bundles signed with GitHub provenance | ||
| - Mandatory code review for PRs | ||
| - SECURITY.md published in repository |
There was a problem hiding this comment.
What about OpenSSF best practice badging?
There was a problem hiding this comment.
I can definitely focus on getting this badge. it makes sense.
There was a problem hiding this comment.
Sounds good. Maybe add a mention here?
Appreciate Justin for taking time and providing valuable feedback. I have tried to answer all the feedback but if somethings are still not clear, do let me know. I will try to update it again. Looking forward for joint assessment session. |
|
A few minor things and then I can merge. Wherever you feel it is appropriate, can you make the changes in the doc instead of comments here (which will be lost)? Also, would you kindly fix the DCO / lint / spelling issues? I will merge after. 😄 |
|
fixed all spelling/linting changes and also added a DCO file |
|
also incorporated review comments where appropriate |
|
I see that DCO is still broken. You need to DCO sign-off your commits here, not add a DCO.md file. If you click on the DCO action failure, it has instructions about how to fix this. (If you look and can't figure this out, ping me on slack and I can help out.) Other changes look great! |
Added a comprehensive self-assessment document for Guardon, detailing project overview, security boundaries, goals, system architecture, threat model, secure development practices, and known limitations. Signed-off-by: sajal-n <[email protected]> Signed-off-by: Sajal Nigam <[email protected]>
Signed-off-by: sajal-n <[email protected]> Signed-off-by: Sajal Nigam <[email protected]>
Signed-off-by: sajal-n <[email protected]> Signed-off-by: Sajal Nigam <[email protected]>
Signed-off-by: sajal-n <[email protected]> Signed-off-by: Sajal Nigam <[email protected]>
Signed-off-by: sajal-n <[email protected]> Signed-off-by: Sajal Nigam <[email protected]>
Signed-off-by: sajal-n <[email protected]> Signed-off-by: Sajal Nigam <[email protected]>
Signed-off-by: sajal-n <[email protected]> Signed-off-by: Sajal Nigam <[email protected]>
Signed-off-by: sajal-n <[email protected]> Signed-off-by: Sajal Nigam <[email protected]>
Expanded project overview with detailed features of Guardon. Signed-off-by: sajal-n <[email protected]> Signed-off-by: Sajal Nigam <[email protected]>
Updated the Guardon self-assessment documentation to clarify the architecture and functionality, including changes to the validation engine and policy execution details. Signed-off-by: sajal-n <[email protected]> Signed-off-by: Sajal Nigam <[email protected]>
Signed-off-by: sajal-n <[email protected]> Signed-off-by: Sajal Nigam <[email protected]>
Updated system architecture image in self-assessment document. Signed-off-by: sajal-n <[email protected]> Signed-off-by: Sajal Nigam <[email protected]>
Signed-off-by: sajal-n <[email protected]> Signed-off-by: Sajal Nigam <[email protected]>
Signed-off-by: sajal-n <[email protected]> Signed-off-by: Sajal Nigam <[email protected]>
Added self-assessment documentation for Guardon project, detailing project overview, security boundaries, goals, architecture, and more. Signed-off-by: sajal-n <[email protected]> Signed-off-by: Sajal Nigam <[email protected]>
Signed-off-by: sajal-n <[email protected]> Signed-off-by: Sajal Nigam <[email protected]>
Documented the threat model for the Guardon project using STRIDE methodology, detailing assets, actors, risks, mitigations, and attack surfaces. Signed-off-by: sajal-n <[email protected]> Signed-off-by: Sajal Nigam <[email protected]>
Signed-off-by: sajal-n <[email protected]> Signed-off-by: Sajal Nigam <[email protected]>
Signed-off-by: Sajal Nigam <[email protected]>
Signed-off-by: Sajal Nigam <[email protected]>
Signed-off-by: Sajal Nigam <[email protected]>
Signed-off-by: Sajal Nigam <[email protected]>
Signed-off-by: Sajal Nigam <[email protected]>
Signed-off-by: Sajal Nigam <[email protected]>
Signed-off-by: Sajal Nigam <[email protected]>
Signed-off-by: Sajal Nigam <[email protected]>
Signed-off-by: Sajal Nigam <[email protected]>
|
@mnm678 @evankanderson @jkjell I think this should be merged into the TOC repo. Do you want me to merge this here first and then we move it or... |
3 participants
This PR submits the Guardon project for a TAG-Security self-assessment. Guardon is a client-side Kubernetes manifest validator that performs schema-aware validation, policy checks, and security misconfiguration detection directly inside GitHub/GitLab.
The assessment includes:
This submission aims to increase visibility within the CNCF ecosystem, ensure responsible security practices, and gather guidance from the TAG-Security community as Guardon looks toward wider enterprise adoption and potential CNCF Sandbox consideration.