Add security audit report (#3709)

Signed-off-by: AdamKorcz <adam@adalogics.com>
AdamKorcz 2023-09-05 18:04:53 +01:00 committed by GitHub
parent ac837d3415
commit a810be20a8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 15 additions and 0 deletions

@ -211,6 +211,21 @@ The Dapr threat model is below.
## Security audit
### September 2023
In September 2023, Dapr completed a security audit done by Ada Logics.
The audit was a holistic security audit with the following goals:
- Formalize a threat model of Dapr
- Perform manual code review
- Evaluate Daprs fuzzing suite against the formalized threat model
- Carry out a SLSA review of Dapr.
You can find the full report [here](/docs/Dapr-september-2023-security-audit-report.pdf).
The audit found 7 issues none of which were of high or critical severity. One CVE was assigned from an issue in a 3rd-party dependency to Dapr Components Contrib
### June 2023
In June 2023, Dapr completed a fuzzing audit done by Ada Logics.
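Review bot: The CVE sentence in the new September 2023 section ("One CVE was assigned from an issue in a 3rd-party dependency to Dapr Components Contrib") gives no CVE identifier, dependency name or fixed version, so a reader cannot check whether their deployment is affected. Add the CVE ID with a link to its advisory, and end the sentence with a period. The same line needs a comma before "none of which". In the goals list, "Daprs fuzzing suite" should read "Dapr's fuzzing suite", and only the last item ("Carry out a SLSA review of Dapr.") ends with a period, so pick one style for all four. The link text "here" would be easier to scan and search as descriptive text, for example "full audit report".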