If you discover a security vulnerability in this repository, please report it responsibly.
- Vulnerabilities in any code examples
- Exposed secrets or credentials in documentation
- Security misconfigurations in lab exercises
- Links to malicious or compromised resources
- Do NOT open a public GitHub issue for security vulnerabilities
- Open a private security advisory on GitHub, or
- Contact the maintainers directly
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
When using the lab exercises in this repository, follow these security practices:
```yaml
# Always use resource limits
resources:
  limits:
    cpu: "500m"
    memory: "128Mi"
  requests:
    cpu: "100m"
    memory: "64Mi"
```

- Never commit real secrets to the repository
- Use placeholder values in examples
- Reference external secret management solutions
Always implement network policies in practice environments:
```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  - Egress
```

Follow the principle of least privilege:
```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "list"]
```

- Never share actual exam questions
- Do not post screenshots from exams
- Focus on concepts, not specific exam content
- Only link to trusted, official sources
- Verify links are not compromised
- Report any suspicious links immediately
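
The `default-deny-all` NetworkPolicy in the lab practices above also blocks DNS lookups, because it denies all egress. The following companion policy is an added example, not part of this repository's own manifests, that re-opens only DNS to the cluster resolver; the policy name, the `lab` namespace and the `k8s-app: kube-dns` pod label are assumptions to adjust for your cluster.

```yaml
# Added example: applied alongside default-deny-all in the same namespace.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-dns-egress          # assumed name
  namespace: lab                  # assumed practice namespace
spec:
  podSelector: {}                 # applies to every pod in the namespace
  policyTypes:
  - Egress                        # ingress stays governed by default-deny-all
  egress:
  - to:
    # namespaceSelector and podSelector in ONE list item are ANDed:
    # only DNS pods inside kube-system match. Writing them as two
    # separate items would OR them and allow far more than intended.
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
      podSelector:
        matchLabels:
          k8s-app: kube-dns       # assumed label of the cluster DNS pods
    ports:
    - protocol: UDP
      port: 53
    - protocol: TCP               # DNS falls back to TCP for large responses
      port: 53
```

NetworkPolicy objects are enforced only when the cluster's network plugin supports them; on a plugin without that support, both policies are accepted by the API server but have no effect.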
We follow responsible disclosure practices:
- Acknowledgment - We will acknowledge receipt within 48 hours
- Assessment - We will assess and prioritize the issue
- Resolution - We will work on a fix
- Credit - We will credit reporters (unless anonymity is preferred)
For security concerns, please contact the maintainers through GitHub.
Thank you for helping keep this learning resource safe!