dapr
/
docs
mirror of https://github.com/dapr/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'v1.11' into issue_3657

This commit is contained in:
Yaron Schneider 2023-09-06 13:56:36 -07:00 committed by GitHub
parent 589fd4eacb a810be20a8
commit d4f8ebb104
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
daprdocs/content/en/concepts/security-concept.md
View File

@ -211,6 +211,21 @@ The Dapr threat model is below.
## Security audit ## Security audit
### September 2023
In September 2023, Dapr completed a security audit done by Ada Logics.
The audit was a holistic security audit with the following goals:
- Formalize a threat model of Dapr
- Perform manual code review
- Evaluate Daprs fuzzing suite against the formalized threat model
- Carry out a SLSA review of Dapr.
You can find the full report [here](/docs/Dapr-september-2023-security-audit-report.pdf).
The audit found 7 issues none of which were of high or critical severity. One CVE was assigned from an issue in a 3rd-party dependency to Dapr Components Contrib
### June 2023 ### June 2023
In June 2023, Dapr completed a fuzzing audit done by Ada Logics. In June 2023, Dapr completed a fuzzing audit done by Ada Logics.

BIN
daprdocs/static/docs/Dapr-september-2023-security-audit-report.pdf Normal file
View File

Binary file not shown.